🚨 [security] Update activesupport 6.1.7.5 → 7.2.2 (major) by depfu[bot] · Pull Request #149 · XPBytes/administrate-default_order

depfu · 2024-11-01T04:15:48Z

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ activesupport (6.1.7.5 → 7.2.2) · Repo · Changelog

Security Advisories 🚨

🚨 Active Support Possibly Discloses Locally Encrypted Files

🚨 Possible XSS Security Vulnerability in SafeBuffer#bytesplice

🚨 ReDoS based DoS vulnerability in Active Support's underscore

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionpack (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

Security Advisories 🚨

🚨 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

🚨 Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

🚨 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

🚨 Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

🚨 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

🚨 Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

🚨 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

🚨 Possible ReDoS vulnerability in query parameter filtering in Action Dispatch

🚨 Missing security headers in Action Pack on non-HTML responses

🚨 Missing security headers in Action Pack on non-HTML responses

🚨 Missing security headers in Action Pack on non-HTML responses

🚨 Rails has possible XSS Vulnerability in Action Controller

🚨 Rails has possible XSS Vulnerability in Action Controller

🚨 Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

🚨 Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to

🚨 ReDoS based DoS vulnerability in Action Dispatch

🚨 ReDoS based DoS vulnerability in Action Dispatch

🚨 Open Redirect Vulnerability in Action Pack

🚨 Cross-site Scripting Vulnerability in Action Pack

🚨 Exposure of information in Action Pack

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionview (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

Security Advisories 🚨

🚨 rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

🚨 XSS Vulnerability in Action View tag helpers

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activemodel (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activerecord (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ builder (indirect, 3.2.4 → 3.3.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ erubi (indirect, 1.10.0 → 1.13.0) · Repo · Changelog

Release Notes

1.13.0 (from changelog)

1.12.0 (from changelog)

1.11.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ffi (indirect, 1.15.5 → 1.17.0) · Repo · Changelog

Release Notes

1.17.0 (from changelog)

1.16.3 (from changelog)

1.16.2 (from changelog)

1.16.1 (from changelog)

1.16.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ i18n (indirect, 1.14.5 → 1.14.6) · Repo · Changelog

Release Notes

1.14.6

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ loofah (indirect, 2.19.1 → 2.23.1) · Repo · Changelog

Release Notes

2.23.1

2.23.0

2.22.0

2.21.4

2.21.3

2.21.2

2.21.1

2.21.0

2.20.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mini_portile2 (indirect, 2.8.0 → 2.8.8) · Repo · Changelog

Release Notes

2.8.8

2.8.7

2.8.6

2.8.5

2.8.4

2.8.3

2.8.2

2.8.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.13.10 → 1.16.7) · Repo · Changelog

Security Advisories 🚨

🚨 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader

🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader

🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

🚨 Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ racc (indirect, 1.6.1 → 1.8.1) · Repo · Changelog

Release Notes

1.8.1

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack (indirect, 2.2.8.1 → 3.1.8) · Repo · Changelog

↗️ rack-test (indirect, 1.1.0 → 2.1.0) · Repo · Changelog

Release Notes

2.1.0 (from changelog)

2.0.2 (from changelog)

2.0.1 (from changelog)

2.0.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rails-dom-testing (indirect, 2.0.3 → 2.2.0) · Repo · Changelog

Release Notes

2.2.0

2.1.1

2.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rails-html-sanitizer (indirect, 1.4.4 → 1.6.0) · Repo · Changelog

Release Notes

1.6.0

1.5.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ railties (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ sprockets (indirect, 4.0.3 → 4.2.1) · Repo · Changelog

Release Notes

4.2.1

4.2.0 (from changelog)

4.1.1

4.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ thor (indirect, 1.2.1 → 1.3.2) · Repo · Changelog

↗️ tilt (indirect, 2.0.10 → 2.4.0) · Repo · Changelog

Release Notes

2.4.0 (from changelog)

2.1.0 (from changelog)

2.0.11 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ zeitwerk (indirect, 2.6.17 → 2.7.1) · Repo · Changelog

Release Notes

2.7.1 (from changelog)

2.7.0 (from changelog)

2.6.18 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 base64 (added, 0.2.0)

🆕 benchmark (added, 0.4.0)

🆕 bigdecimal (added, 3.1.8)

🆕 connection_pool (added, 2.4.1)

🆕 drb (added, 2.2.1)

🆕 io-console (added, 0.7.2)

🆕 irb (added, 1.14.1)

🆕 logger (added, 1.6.1)

🆕 psych (added, 5.2.0)

🆕 rack-session (added, 2.0.0)

🆕 rackup (added, 2.2.1)

🆕 rdoc (added, 6.8.1)

🆕 reline (added, 0.5.11)

🆕 securerandom (added, 0.3.2)

🆕 stringio (added, 3.1.2)

🆕 timeout (added, 0.4.2)

🆕 useragent (added, 0.16.10)

🗑️ method_source (removed)

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

depfu Bot added the depfu label Nov 1, 2024

depfu Bot mentioned this pull request Nov 1, 2024

🚨 [security] Update activesupport 6.1.7.5 → 7.2.1.2 (major) #148

Closed

Update activesupport to version 7.2.2

540120d

depfu Bot force-pushed the depfu/update/activesupport-7.2.2 branch from bc5368d to 540120d Compare November 26, 2024 02:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🚨 [security] Update activesupport 6.1.7.5 → 7.2.2 (major)#149

🚨 [security] Update activesupport 6.1.7.5 → 7.2.2 (major)#149
depfu[bot] wants to merge 1 commit intomasterfrom
depfu/update/activesupport-7.2.2

depfu Bot commented Nov 1, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

depfu Bot commented Nov 1, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What changed?

✳️ activesupport (6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ actionpack (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ actionview (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ activemodel (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ activerecord (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ builder (indirect, 3.2.4 → 3.3.0) · Repo · Changelog

↗️ erubi (indirect, 1.10.0 → 1.13.0) · Repo · Changelog

1.13.0 (from changelog)

1.12.0 (from changelog)

1.11.0 (from changelog)

↗️ ffi (indirect, 1.15.5 → 1.17.0) · Repo · Changelog

1.17.0 (from changelog)

1.16.3 (from changelog)

1.16.2 (from changelog)

1.16.1 (from changelog)

1.16.0 (from changelog)

↗️ i18n (indirect, 1.14.5 → 1.14.6) · Repo · Changelog

↗️ loofah (indirect, 2.19.1 → 2.23.1) · Repo · Changelog

↗️ mini_portile2 (indirect, 2.8.0 → 2.8.8) · Repo · Changelog

↗️ nokogiri (indirect, 1.13.10 → 1.16.7) · Repo · Changelog

↗️ racc (indirect, 1.6.1 → 1.8.1) · Repo · Changelog

↗️ rack (indirect, 2.2.8.1 → 3.1.8) · Repo · Changelog

↗️ rack-test (indirect, 1.1.0 → 2.1.0) · Repo · Changelog

2.1.0 (from changelog)

2.0.2 (from changelog)

2.0.1 (from changelog)

2.0.0 (from changelog)

↗️ rails-dom-testing (indirect, 2.0.3 → 2.2.0) · Repo · Changelog

↗️ rails-html-sanitizer (indirect, 1.4.4 → 1.6.0) · Repo · Changelog

↗️ railties (indirect, 6.1.7.5 → 7.2.2) · Repo · Changelog

↗️ sprockets (indirect, 4.0.3 → 4.2.1) · Repo · Changelog

4.2.0 (from changelog)

↗️ thor (indirect, 1.2.1 → 1.3.2) · Repo · Changelog

↗️ tilt (indirect, 2.0.10 → 2.4.0) · Repo · Changelog

2.4.0 (from changelog)

2.1.0 (from changelog)

2.0.11 (from changelog)

↗️ zeitwerk (indirect, 2.6.17 → 2.7.1) · Repo · Changelog

2.7.1 (from changelog)

2.7.0 (from changelog)

2.6.18 (from changelog)

🆕 base64 (added, 0.2.0)

🆕 benchmark (added, 0.4.0)

🆕 bigdecimal (added, 3.1.8)

🆕 connection_pool (added, 2.4.1)

🆕 drb (added, 2.2.1)

🆕 io-console (added, 0.7.2)

🆕 irb (added, 1.14.1)

🆕 logger (added, 1.6.1)

🆕 psych (added, 5.2.0)

🆕 rack-session (added, 2.0.0)

🆕 rackup (added, 2.2.1)

🆕 rdoc (added, 6.8.1)

🆕 reline (added, 0.5.11)

🆕 securerandom (added, 0.3.2)

🆕 stringio (added, 3.1.2)

🆕 timeout (added, 0.4.2)

🆕 useragent (added, 0.16.10)

🗑️ method_source (removed)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

depfu Bot commented Nov 1, 2024 •

edited

Loading