Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the bundler group across 16 directories with 2 updates #159

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2024

Bumps the bundler group with 2 updates in the /0.89 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.1 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.100 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.87 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.88 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.89 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.90 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.91 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.92 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.93 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.94 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.95 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.96 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.97 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.98 directory: activesupport and nokogiri.
Bumps the bundler group with 2 updates in the /v0.99 directory: activesupport and nokogiri.

Updates activesupport from 6.0.3.6 to 6.0.6.1

Release notes

Sourced from activesupport's releases.

v6.0.6.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

    This commit makes the sanitization more robust by replacing any occurrances of "/" or "/" with "/ " or " /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not be provided user input.

    [CVE-2023-22794]

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • 28bb76d Version 6.0.6.1
  • 91cf62e Version 6.0.6
  • c7d64e9 Preparing for 6.0.5.1 release
  • c177e45 updating version and changelog
  • 4331155 Preparing for 6.0.5 release
  • 1b5df89 Merge pull request #45027 from rails/fix-tag-helper-regression
  • 23f8485 Merge branch '6-0-sec' into 6-0-stable
  • 27a5ec7 Preparing for 6.0.4.8 release
  • 636ee65 updating changelog for release
  • 36a6dad Fix and add protections for XSS in names.
  • Additional commits viewable in compare view

Updates nokogiri from 1.13.10 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d  nokogiri-1.16.3-x86_64-darwin.gem
47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb  nokogiri-1.16.3-x86_64-linux.gem
498aa253ccd5b89a0fa5c4c82b346d22176fc865f4a12ef8da642064d1d3e248  nokogiri-1.16.3.gem

v1.16.2 / 2024-02-04

Security

Dependencies


sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

Dependencies

v1.16.1 / 2024-02-03

Dependencies

Fixed

  • [CRuby] XML::Reader defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@​flavorjones)
  • [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (@​adfoster-r7)
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (@​flavorjones)
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (@​stevecheckoway)

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

... (truncated)

Commits

Updates activesupport from 6.0.3.6 to 6.0.6.1

Release notes

Sourced from activesupport's releases.

v6.0.6.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

    This commit makes the sanitization more robust by replacing any occurrances of "/" or "/" with "/ " or " /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not be provided user input.

    [CVE-2023-22794]

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • 28bb76d Version 6.0.6.1
  • 91cf62e Version 6.0.6
  • c7d64e9 Preparing for 6.0.5.1 release
  • c177e45 updating version and changelog
  • 4331155 Preparing for 6.0.5 release
  • 1b5df89 Merge pull request #45027 from rails/fix-tag-helper-regression
  • 23f8485 Merge branch '6-0-sec' into 6-0-stable
  • 27a5ec7 Preparing for 6.0.4.8 release
  • 636ee65 updating changelog for release
  • 36a6dad Fix and add protections for XSS in names.
  • Additional commits viewable in compare view

Updates nokogiri from 1.13.10 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d  nokogiri-1.16.3-x86_64-darwin.gem
47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb  nokogiri-1.16.3-x86_64-linux.gem
498aa253ccd5b89a0fa5c4c82b346d22176fc865f4a12ef8da642064d1d3e248  nokogiri-1.16.3.gem

v1.16.2 / 2024-02-04

Security

Dependencies


sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

Dependencies

v1.16.1 / 2024-02-03

Dependencies

Fixed

  • [CRuby] XML::Reader defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@​flavorjones)
  • [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (@​adfoster-r7)
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (@​flavorjones)
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (@​stevecheckoway)

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

... (truncated)

Commits

Updates activesupport from 6.0.3.6 to 6.0.6.1

Release notes

Sourced from activesupport's releases.

v6.0.6.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

    This commit makes the sanitization more robust by replacing any occurrances of "/" or "/" with "/ " or " /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not be provided user input.

    [CVE-2023-22794]

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • 28bb76d Version 6.0.6.1
  • 91cf62e Version 6.0.6
  • c7d64e9 Preparing for 6.0.5.1 release
  • c177e45 updating version and changelog
  • 4331155 Preparing for 6.0.5 release
  • 1b5df89 Merge pull request #45027 from rails/fix-tag-helper-regression
  • 23f8485 Merge branch '6-0-sec' into 6-0-stable
  • 27a5ec7 Preparing for 6.0.4.8 release
  • 636ee65 updating changelog for release
  • 36a6dad Fix and add protections for XSS in names.
  • Additional commits viewable in compare view

Updates nokogiri from 1.13.10 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d  nokogiri-1.16.3-x86_64-darwin.gem
47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb  nokogiri-1.16.3-x86_64-linux.gem
498aa253ccd5b89a0fa5c4c82b346d22176fc865f4a12ef8da642064d1d3e248  nokogiri-1.16.3.gem

v1.16.2 / 2024-02-04

Security

Dependencies


sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

Dependencies

v1.16.1 / 2024-02-03

Dependencies

Fixed

  • [CRuby] XML::Reader defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@​flavorjones)
  • [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (@​adfoster-r7)
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (@​flavorjones)
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (@​stevecheckoway)

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

... (truncated)

Commits

Updates activesupport from 6.0.3.6 to 6.0.6.1

Release notes

Sourced from activesupport's releases.

v6.0.6.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

    This commit makes the sanitization more robust by replacing any occurrances of "/" or "/" with "/ " or " /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not be provided user input.

    [CVE-2023-22794]

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • 28bb76d Version 6.0.6.1
  • 91cf62e Version 6.0.6
  • c7d64e9 Preparing for 6.0.5.1 release
  • c177e45 updating version and changelog
  • 4331155 Preparing for 6.0.5 release
  • 1b5df89 Merge pull request #45027 from rails/fix-tag-helper-regression
  • 23f8485 Merge branch '6-0-sec' into 6-0-stable
  • 27a5ec7 Preparing for 6.0.4.8 release
  • 636ee65 updating changelog for release
  • 36a6dad Fix and add protections for XSS in names.
  • Additional commits viewable in compare view

Updates nokogiri from 1.13.10 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d  nokogiri-1.16.3-x86_64-darwin.gem
47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb  nokogiri-1.16.3-x86_64-linux.gem
498aa253ccd5b89a0fa5c4c82b346d22176fc865f4a12ef8da642064d1d3e248  nokogiri-1.16.3.gem

v1.16.2 / 2024-02-04

Security

Dependencies


sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

Dependencies

v1.16.1 / 2024-02-03

Dependencies

Fixed

  • [CRuby] XML::Reader defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@​flavorjones)
  • [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (@​adfoster-r7)
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (@​flavorjones)
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (@​stevecheckoway)

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

... (truncated)

Commits

Updates activesupport from 6.0.3.6 to 6.0.6.1

Release notes

Sourced from activesupport's releases.

v6.0.6.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

    This commit makes the sanitization more robust by replacing any occurrances of "/" or "/" with "/ " or " /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not be provided user input.

    [CVE-2023-22794]

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • 28bb76d Version 6.0.6.1
  • 91cf62e Version 6.0.6
  • c7d64e9 Preparing for 6.0.5.1 release
  • c177e45 updating version and changelog
  • 4331155 Preparing for 6.0.5 release
  • 1b5df89 Merge pull request #45027 from rails/fix-tag-helper-regression
  • 23f8485 Merge branch '6-0-sec' into 6-0-stable
  • 27a5ec7 Preparing for 6.0.4.8 release
  • 636ee65 updating changelog for release
  • 36a6dad Fix and add protections for XSS in names.
  • Additional commits viewable in compare view

Updates nokogiri from 1.13.10 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d  nokogiri-1.16.3-x86_64-darwin.gem
47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb  nokogiri-1.16.3-x86_64-linux.gem
498aa253ccd5b89a0fa5c4c82b346d22176fc865f4a12ef8da642064d1d3e248  nokogiri-1.16.3.gem

v1.16.2 / 2024-02-04

Security

Dependencies


sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

Dependencies

v1.16.1 / 2024-02-03

Dependencies

Fixed

  • [CRuby] XML::Reader defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@​flavorjones)
  • [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (@​adfoster-r7)
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (@​flavorjones)
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (@​stevecheckoway)

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

... (truncated)

Commits

Updates activesupport from 6.0.3.6 to 6.0.6.1

Release notes

Sourced from activesupport's releases.

v6.0.6.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Make sanitize_as_sql_comment more strict

    Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.

    This commit makes the sanitization more robust by replacing any occurrances of "/" or "/" with "/ " or " /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.

    This also clarifies in the documentation of annotate that it should not be provided user input.

    [CVE-2023-22794]

Action View

  • No changes.

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • 28bb76d Version 6.0.6.1
  • 91cf62e Version 6.0.6
  • c7d64e9 Preparing for 6.0.5.1 release
  • c177e45 updating version and changelog
  • 4331155 Preparing for 6.0.5 release
  • 1b5df89 Merge pull request #45027 from rails/fix-tag-helper-regression
  • 23f8485 Merge branch '6-0-sec' into 6-0-stable
  • 27a5ec7 Preparing for 6.0.4.8 release
  • 636ee65 updating changelog for release
  • 36a6dad Fix and add protections for XSS in names.
  • Additional commits viewable in compare view

Updates nokogiri from 1.13.10 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c96...

Description has been truncated

Bumps the bundler group with 2 updates in the /0.89 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.1 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.100 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.87 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.88 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.89 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.90 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.91 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.92 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.93 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.94 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.95 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.96 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.97 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.98 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).
Bumps the bundler group with 2 updates in the /v0.99 directory: [activesupport](https://github.com/rails/rails) and [nokogiri](https://github.com/sparklemotion/nokogiri).


Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

Updates `activesupport` from 6.0.3.6 to 6.0.6.1
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.1.3.2/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.0.3.6...v6.0.6.1)

Updates `nokogiri` from 1.13.10 to 1.16.3
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.10...v1.16.3)

---
updated-dependencies:
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: activesupport
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: indirect
  dependency-group: bundler-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants