Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the bundler group across 1 directory with 5 updates #4346

Closed
wants to merge 1 commit into from
Closed

Bump the bundler group across 1 directory with 5 updates #4346

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 11, 2024

Bumps the bundler group with 5 updates in the / directory:

Package From To
puma 6.4.2 6.4.3
dotenv-rails 3.1.2 3.1.4
sidekiq 6.5.5 7.3.5
rexml 3.3.3 3.3.9
fugit 1.11.0 1.11.1

Updates puma from 6.4.2 to 6.4.3

Release notes

Sourced from puma's releases.

6.4.3

  • Security
    • Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)
Changelog

Sourced from puma's changelog.

6.4.3 / 2024-09-19

  • Security
    • Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)
Commits

Updates dotenv-rails from 3.1.2 to 3.1.4

Release notes

Sourced from dotenv-rails's releases.

3.1.4

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.3...v3.1.4

3.1.3

What's Changed

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.2...v3.1.3

Changelog

Sourced from dotenv-rails's changelog.

3.1.4

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.3...v3.1.4

3.1.3

New Contributors

Full Changelog: bkeepers/dotenv@v3.1.2...v3.1.3

Commits

Updates sidekiq from 6.5.5 to 7.3.5

Changelog

Sourced from sidekiq's changelog.

7.3.5

  • Reimplement retry_all and kill_all API methods to use ZPOPMIN, approximately 30-60% faster. #6481
  • Add preload testing binary at examples/testing/sidekiq_boot to verify your Rails app boots correctly with Sidekiq Enterprise's app preloading.
  • Fix circular require with ActiveJob adapter #6477
  • Fix potential race condition leading to incorrect serialized values for CurrentAttributes #6475
  • Restore missing elapsed time when default job logging is disabled

7.3.4

  • Fix FrozenError when starting Sidekiq #6470

7.3.3

  • Freeze global configuration once boot is complete, to avoid configuration race conditions [#6466, #6465]
  • Sidekiq now warns if a job iteration takes longer than the -t timeout setting (defaults to 25 seconds)
  • Iteration callbacks now have easy access to job arguments via the arguments method:
def on_stop
  p arguments # => `[123, "string", {"key" => "value"}]`
  id, str, hash = arguments
end
  • Iterable jobs can be cancelled via Sidekiq::Client#cancel!:
c = Sidekiq::Client.new
jid = c.push("class" => SomeJob, "args" => [123])
c.cancel!(jid) # => true
  • Take over support for ActiveJob's :sidekiq adapter [#6430, fatkodima]
  • Ensure CurrentAttributes are in scope when creating batch callbacks #6455
  • Add Sidekiq.gem_version API.
  • Update Ukranian translations

7.3.2

  • Adjust ActiveRecord batch iteration to restart an interrupted batch from the beginning. Each batch should be processed as a single transaction in order to be idempotent. #6405
  • Fix typo in Sidekiq::DeadSet#kill #6397
  • Fix CSS issue with bottom bar in Web UI #6414

7.3.1

  • Don't count job interruptions as failures in metrics #6386

... (truncated)

Commits

Updates rexml from 3.3.3 to 3.3.9

Release notes

Sourced from rexml's releases.

REXML 3.3.9 - 2024-10-24

Improvements

  • Improved performance.

Fixes

  • Fixed a parse bug for text only invalid XML.

  • Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

  • NAITOH Jun

REXML 3.3.8 - 2024-09-29

Improvements

  • SAX2: Improve parse performance.

Fixes

  • Fixed a bug that unexpected attribute namespace conflict error for the predefined "xml" namespace is reported.
    • GH-208
    • Patch by KITAITI Makoto

Thanks

  • NAITOH Jun

  • KITAITI Makoto

REXML 3.3.7 - 2024-09-04

Improvements

  • Added local entity expansion limit methods

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.9 - 2024-10-24 {#version-3-3-9}

Improvements

  • Improved performance.

Fixes

  • Fixed a parse bug for text only invalid XML.

  • Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

  • NAITOH Jun

3.3.8 - 2024-09-29 {#version-3-3-8}

Improvements

  • SAX2: Improve parse performance.

Fixes

  • Fixed a bug that unexpected attribute namespace conflict error for the predefined "xml" namespace is reported.
    • GH-208
    • Patch by KITAITI Makoto

Thanks

  • NAITOH Jun

  • KITAITI Makoto

3.3.7 - 2024-09-04 {#version-3-3-7}

Improvements

  • Added local entity expansion limit methods

... (truncated)

Commits

Updates fugit from 1.11.0 to 1.11.1

Changelog

Sourced from fugit's changelog.

fugit 1.11.1 released 2024-08-15

  • Prevent nat parsing chocking on long input (> 256 chars), gh-104
Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
puma [< 5.7, > 5.6.2]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the bundler group across 1 directory with 5 updates
a1c4952 
Bumps the bundler group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [puma](https://github.com/puma/puma) | `6.4.2` | `6.4.3` |
| [dotenv-rails](https://github.com/bkeepers/dotenv) | `3.1.2` | `3.1.4` |
| [sidekiq](https://github.com/sidekiq/sidekiq) | `6.5.5` | `7.3.5` |
| [rexml](https://github.com/ruby/rexml) | `3.3.3` | `3.3.9` |
| [fugit](https://github.com/floraison/fugit) | `1.11.0` | `1.11.1` |



Updates `puma` from 6.4.2 to 6.4.3
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v6.4.2...v6.4.3)

Updates `dotenv-rails` from 3.1.2 to 3.1.4
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md)
- [Commits](bkeepers/dotenv@v3.1.2...v3.1.4)

Updates `sidekiq` from 6.5.5 to 7.3.5
- [Changelog](https://github.com/sidekiq/sidekiq/blob/main/Changes.md)
- [Commits](sidekiq/sidekiq@v6.5.5...v7.3.5)

Updates `rexml` from 3.3.3 to 3.3.9
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](ruby/rexml@v3.3.3...v3.3.9)

Updates `fugit` from 1.11.0 to 1.11.1
- [Changelog](https://github.com/floraison/fugit/blob/master/CHANGELOG.md)
- [Commits](floraison/fugit@v1.11.0...v1.11.1)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: dotenv-rails
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: sidekiq
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: rexml
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: fugit
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Nov 11, 2024
@dependabot dependabot bot mentioned this pull request Nov 11, 2024
Closed
@github-actions GitHub Actions
Copy link

Review app deployed to https://get-into-teaching-app-review-4346.test.teacherservices.cloud

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
12 New issues
10 Accepted issues

Measures
0 Security Hotspots
95.7% Coverage on New Code
0.1% Duplication on New Code

See analysis details on SonarCloud

@sarahcrack
Copy link
Collaborator

closing this PR as this request requires an upgrade of Redis/Sidekiq; we can't do this on production at the moment.

@sarahcrack sarahcrack closed this Nov 11, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 11, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/bundler/bundler-1907af7182 branch November 11, 2024 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sarahcrack