🚨 [security] Update activejob: 5.1.1 → 5.1.6.1 (minor)
**Welcome to Depfu** 👋
This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.
After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.
[Let us know](mailto:hi@depfu.com) if you have any questions. Thanks so much for giving Depfu a try!
Advisory: CVE-2018-16476 Disclosed: November 27, 2018 URL: https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw
Broken Access Control vulnerability in Active Job
There is a vulnerability in Active Job. This vulnerability has been
assigned the CVE identifier CVE-2018-16476.Versions Affected: >= 4.2.0
Not affected: < 4.2.0
Fixed Versions: 4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1Impact
Carefully crafted user input can cause Active Job to deserialize it using GlobalId
and allow an attacker to have access to information that they should not have.Vulnerable code will look something like this:
MyJob.perform_later(user_input)All users running an affected release should either upgrade or use one of the
workarounds immediately.
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
↗ ️ activejob (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 20 commits:
Preparing for 5.1.6.1 releaseDo not deserialize GlobalID objects that were not generated by Active JobPreparing for 5.1.6 releaseFix changelog entries of `5-1-stable` [ci skip]Preparing for 5.1.5 releasePreparing for 5.1.5.rc1 releaseBackport #30748 for redis-rb 4.0 supportMerge pull request #30468 from greysteil/backport-changelog-linksPreparing for 5.1.4 releaseAdd source code and changelog links to gemspecsUpdate changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releasePreparing for 5.1.3 releasePreparing for 5.1.3.rc3 releasePreparing for 5.1.3.rc2 releasePreparing for 5.1.3.rc1 releaseMerge pull request #26587 from utilum/active_job_serialize_provider_job_idPreparing for 5.1.2 releasePreparing for 5.1.2.rc1 releaseFix the changelogs.
✳ ️ jbuilder (2.7.0 → 2.8.0) · Repo · Changelog
✳ ️ rails (5.1.1 → 5.1.6.1) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ actioncable (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 19 commits:
Preparing for 5.1.6.1 releasePreparing for 5.1.6 releaseFix changelog entries of `5-1-stable` [ci skip]Preparing for 5.1.5 releasePreparing for 5.1.5.rc1 releaseMerge pull request #31671 from larskanis/pg-1.0Backport #30748 for redis-rb 4.0 supportMerge pull request #30468 from greysteil/backport-changelog-linksPreparing for 5.1.4 releaseAdd source code and changelog links to gemspecsUpdate changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releasePreparing for 5.1.3 releasePreparing for 5.1.3.rc3 releasePreparing for 5.1.3.rc2 releasePreparing for 5.1.3.rc1 releasePreparing for 5.1.2 releasePreparing for 5.1.2.rc1 releaseFix the changelogs.
↗ ️ actionmailer (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 18 commits:
Preparing for 5.1.6.1 releasePreparing for 5.1.6 releasePreparing for 5.1.5 releasePreparing for 5.1.5.rc1 releaseMerge pull request #30391 from jbourassa/fix-actionmailer-lambda-defaultMerge pull request #30468 from greysteil/backport-changelog-linksFix tests on Mail 2.7Preparing for 5.1.4 releaseAdd source code and changelog links to gemspecsUpdate changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releasePreparing for 5.1.3 releasePreparing for 5.1.3.rc3 releasePreparing for 5.1.3.rc2 releasePreparing for 5.1.3.rc1 releasePreparing for 5.1.2 releasePreparing for 5.1.2.rc1 releaseFix the changelogs.
↗ ️ actionpack (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 57 commits:
Preparing for 5.1.6.1 releasePreparing for 5.1.6 releaseCache url helpers moduleCheck exclude before flagging cookies as secure in ActionDispatch::SSL (#32262)Preparing for 5.1.5 releasePreparing for 5.1.5.rc1 releaseMerge pull request #31099 from nobu/patch-1Generate tmpname on its ownBackport fix `test_session_store_with_expire_after`Fix optimized url helpers when using relative url rootMerge pull request #30468 from greysteil/backport-changelog-linksMerge pull request #30959 from lostapathy/capybara_versionEnsure local dev and prod puma configs do not clobber ActionDispatch::SystemTesting defaultsMerge branch '5-1-4' into 5-1-stablePreparing for 5.1.4 releaseUpdate CHANGELOG.mdAdd source code and changelog links to gemspecsMerge pull request #30421 from y-yagi/fix_30405Update changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releaseMerge pull request #30045 from albertoalmagro/fix-raise-unpermitted-parameters-regressionMerge pull request #29859 from dwightwatson/feature/rack-testMerge branch '5.1.3' into 5-1-stablePreparing for 5.1.3 releaseRemove extranouoououous end.Revert "Load the Parameters configurations on the right time"Maintain original encoding from pathMerge pull request #29561 from samphippen/samphippen/add-option-to-silence-puma-in-system-testClarify route encoding testPath parameters should default to UTF8Preparing for 5.1.3.rc3 releasePreparing for 5.1.3.rc2 releaseMerge pull request #29898 from deivid-rodriguez/follow_up_to_multiple_location_engine_mountingPreparing for 5.1.3.rc1 releaseMerge pull request #29793 from arthurnn/arthurnn/param_encoding_error_msgDon't call register on custom driversMerge pull request #29662 from deivid-rodriguez/engine_multiple_mount_pointsFix endLoad the Parameters configurations on the right timeFix the class name --> ActionController::Parameters [ci skip]Add CHANGELOG entry for #29630 [ci skip]Merge pull request #29630 from kirs/fallback-tos_parametersMerge pull request #29533 from jdelStrother/missing_url_formatsMerge pull request #29551 from Edouard-chin/integration-test-follow-redirectMerge branch '5-1-2' into 5-1-stablePreparing for 5.1.2 releaseMerge pull request #29549 from Edouard-chin/integration-testing-deprecated-methodsMerge pull request #29553 from eugeneius/wrap_parameters_nilFix changelogFix changelogPreparing for 5.1.2.rc1 releaseMerge pull request #27990 from leonelgalan/bug/filtered_parameters_classMerge pull request #29451 from vipulnsward/29441-flatten-defaultMerge pull request #29315 from mariochavez/driven_by_support_headless_driversMerge pull request #28644 from mtsmfm/set-capybara-app-hostMerge pull request #29063 from sepehr500/masterFix the changelogs.
↗ ️ actionview (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 38 commits:
Preparing for 5.1.6.1 releasePreparing for 5.1.6 releaseMerge pull request #32282 from javan/fix-digesting-mixed-formatsPreparing for 5.1.5 releasePreparing for 5.1.5.rc1 releaseMerge pull request #29127 from DmytroVasin/rails-ujs-remote-callbacksMerge pull request #30468 from greysteil/backport-changelog-linksMerge pull request #30513 from y-yagi/fix_30444Fix `test_should_sanitize_illegal_style_properties` failurePreparing for 5.1.4 releaseAdd source code and changelog links to gemspecsUpdate changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releaseMerge pull request #28912 from kaspth/getting-started-form-withMerge pull request #29918 from xtina-starr/suppress-warning-from-actionview-controller-helperMerge branch '5.1.3' into 5-1-stablePreparing for 5.1.3 releaseMerge pull request #29984 from colorfulfool/form-helpers-unicode-sanitizationMerge branch '5.1.3' into 5-1-stablePreparing for 5.1.3.rc3 releasePreparing for 5.1.3.rc2 releaseMerge pull request #29792 from lugray/delegate_respond_toMerge pull request #29884 from padi/update_rails_5_upgrade_guidePreparing for 5.1.3.rc1 releaseMerge pull request #29630 from kirs/fallback-tos_parametersEnsure input to distance_of_time_in_words is not nilPreparing for 5.1.2 releasePreparing for 5.1.2.rc1 releaseMerge pull request #29503 from savroff/fix_current_page_engine_issueMerge pull request #29412 from y-yagi/fix_29014Add templates left over from 8daef52.Don't rely on the @view_renderer being defined.Merge pull request https://github.com/rails/rails/pull/28637 from st0012/fix-partial-cache-loggingMerge pull request #29187 from robin850/remove-mathnERB::Util.url_encode no longer escapes ~ since ruby 2.5Merge pull request #29151 from onemanstartup/jquery_slim_fixMerge pull request #29152 from djforth/masterFix the changelogs.
↗ ️ activemodel (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 19 commits:
Preparing for 5.1.6.1 releasePreparing for 5.1.6 releaseMerge pull request #32220 from rails/fix-time-columns-on-sqlite3Preparing for 5.1.5 releasePreparing for 5.1.5.rc1 releaseBackport `Fix to working before/after validation callbacks on multiple contexts.`Merge pull request #30468 from greysteil/backport-changelog-linksPreparing for 5.1.4 releaseAdd source code and changelog links to gemspecsUpdate changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releasePreparing for 5.1.3 releasePreparing for 5.1.3.rc3 releasePreparing for 5.1.3.rc2 releasePreparing for 5.1.3.rc1 releasePreparing for 5.1.2 releasePreparing for 5.1.2.rc1 releaseMerge pull request #29249 from bradleypriest/numericality-precision-regressionFix the changelogs.
↗ ️ activerecord (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ activesupport (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 48 commits:
Preparing for 5.1.6.1 releasePreparing for 5.1.6 releaseReturn all mappings for a timezone id in `country_zones`Merge branch '5-1-5' into 5-1-stablePreparing for 5.1.5 releaseDon't force people to upgrade i18n gemAdd missing requireMerge pull request #31991 from radar/bump-i18n-to-one-dot-ohMerge pull request #31923 from jdelStrother/duration-deserializationPreparing for 5.1.5.rc1 releaseMerge pull request #31803 from rmosolgo/rm-dependenciesMerge pull request #31624 from y-yagi/fix_minitest_511Handle `FrozenError` if it is availableRevert "Fix test for change to circular loading message"Revert "Add more info to the circular dependency error"Fix test for change to circular loading messageMerge pull request #31433 from jordan-brough/preserve-deprecated-method-visibilityAdd more info to the circular dependency errorMerge pull request #30468 from greysteil/backport-changelog-linksPrevent deadlocks with load interlock and DB lock.Hash#transform_keys is in Ruby 2.5+Preparing for 5.1.4 releaseAdd source code and changelog links to gemspecsUpdate changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releaseMerge pull request #30285 from albertoalmagro/pass-missing-name-attributeMerge pull request #30045 from albertoalmagro/fix-raise-unpermitted-parameters-regressionRevert "Merge pull request #15446 from akshay-vishnoi/doc_changes"Preparing for 5.1.3 releasePreparing for 5.1.3.rc3 releaseAdd missing support for modulo operations on durationsMerge pull request #29971 from rails/fix-duration-divisionPreparing for 5.1.3.rc2 releasePreparing for 5.1.3.rc1 releaseMerge pull request #29757 from lugray/hash_with_indifferent_access_defaultMerge pull request #29572 from kaspth/test-runner-no-eager-requireMerge pull request #29598 from y-yagi/fix_typo_in_callback_deprecation_msgMerge pull request #29518 from ragesoss/masterPreparing for 5.1.2 releasePreparing for 5.1.2.rc1 releaseMerge pull request #29140 from notEthan/log_subscribed_avoid_rescuingBump changelog for 04b6e71d8f45a5436da8206a9e09ea0017091111 [ci skip]Revert #25628. Incomplete change + needs a deprecation cycle.Fix duplicable? for Ratiional and Complex on ruby master, since they are now duplicableMerge pull request #26628 from mjhoy/fix-number-to-human-25742Merge pull request #29163 from rails/fix-scalar-duration-calculationMerge pull request #29086 from mikeycgto/message-encryptor-auth-tag-checkFix the changelogs.
↗ ️ concurrent-ruby (indirect, 1.0.5 → 1.1.3) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ erubi (indirect, 1.6.0 → 1.7.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 16 commits:
Bump version to 1.7.1Remove one difference from READMEMinor tweak to READMEBump copyright yearMake whitespace handling for <%# %> tags more compatible with Erubis (Fixes #14)Test on ruby 2.5 on Travisremove unnecessary ternary operationBump version to 1.7.0Fix escaping in erubi/capture_end, the setting was previously inverted (Fixes #10)Make use of <%| more clear in README (Fixes #10)Remove gemspec line from travis.gemfileDrop tiny ruby versions from Travis, so Travis installs latestBump version to 1.6.1Fix usage on newer versions of JRuby 9.1Drop jruby-18mode from TravisUpdate .travis.yml
↗ ️ globalid (indirect, 0.4.0 → 0.4.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 7 commits:
↗ ️ i18n (indirect, 0.8.6 → 1.1.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ loofah (indirect, 2.0.3 → 2.2.3) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ mail (indirect, 2.6.6 → 2.7.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ method_source (indirect, 0.8.2 → 0.9.2) · Repo
Commits
See the full diff on Github. The new version differs by 30 commits:
Merge pull request #55 from banister/release-0-9-2Release v0.9.2Merge pull request #54 from banister/52-jruby-patch-removalRevert "method_source: fix broken Procs on JRuby 9.2.0.0"bump version number to 0.9.1Merge pull request #51 from kyrylo/jruby-9200-fixmethod_source: fix broken Procs on JRuby 9.2.0.0Merge pull request #50 from mensfeld/masterremove gemfile locklicense for the gemspectweaks to .travis.ymlRun rake gemspec task to bump gemspec data (incl version number)Version 0.9.0 releaseMerge pull request #35 from mlarraz/patch-1Merge pull request #46 from petems/patch-1Merge pull request #45 from junaruga/feature/rspecAdd MIT License to GemfileReplace Bacon to RSpec 3.Merge pull request #42 from junaruga/feature/travis-ruby-headUpdate .travis.ymlMerge pull request #40 from koic/use_latest_rubiesMerge pull request #39 from koic/integer_unificationCI against Ruby 2.4.0CI against Ruby 2.3Integer Unification for Ruby 2.4.0+Add Travis CI status badgeMerge pull request #29 from nicolasleger/add_ruby_2_1_and_2_2Add new Ruby 2.1 and 2.2 versionsMerge pull request #24 from petergoldstein/feature/add_ruby_2_to_travisAdd Ruby 2 to Travis CI matrix. Eliminate warning.
↗ ️ mime-types (indirect, 3.1 → 3.2.2) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 17 commits:
Finalize 3.2.2 hotfixMerge pull request #137 from bary822/remove_debuggerRemove unintentional debugging codev3.2.1: An encoding bugfix releaseMIME::Types::Container is still an internalUpdate Travis CI test matrixResolve #136 and control growth of containersResolve a bug related to the switch to SetsPerform some maintenance for v3.2Add .gemspec back in with bundle exec rake gemsepcRemove gemspec based on PR feedbackHardcode common argument results to prevent dup string allocationsCalculate priority from MIME types of same family[CI] Test against Ruby 2.5correct spelling mistakeAdd Ruby 2.3, 2.4 to Travis CI.Add __instances__ entry when loading from cache (#126)
↗ ️ mime-types-data (indirect, 3.2016.0521 → 3.2018.0812) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 8 commits:
Fix the manifest for releasev3.2018.0812 Data Update, with tooling updatesFix a hoe bugMove Markdown extensions from text/plain (#13)Added ipa extention to application/octet-stream mime type definition (#12)Update JS MIME type file extensions (#11)Add .xsd extension to XML mime (#10)Adds more extensions for the video/MTS mime type (#7)
↗ ️ mini_portile2 (indirect, 2.2.0 → 2.3.0) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 6 commits:
↗ ️ minitest (indirect, 5.10.3 → 5.11.3) · Repo · Changelog
↗ ️ multi_json (indirect, 1.12.1 → 1.13.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 27 commits:
Version 1.13.1Fix missing stdlib set dependency in oj adapterMerge pull request #184 from josephpage/patch-1add changelog history for 0.13.0 releaseVersion 0.13.0Fix copyright year in READMEFix README typoMake Oj adapter handle JSON::ParseError correctlySort out the README a bitMake CI utilize fresh rubygems and bundlerUpdate CI rubiesMerge pull request #180 from 284km/update_travisCI against Ruby 2.2.8/2.3.5/2.4.2Version 1.12.2Update bundler before running specs in CIBump up some ruby versions for CIRenew my certTidy up gemspec a bitMerge pull request #177 from aried3r/patch-1Update README.mdSpecify different versions of json gemAdd ruby 2.4 to travisUpdate some development dependenciesMerge pull request #173 from jorgebraz/masterCheck if read IO object value is `blank?`Merge pull request #169 from app2641/typoFix typo [ci skip]
↗ ️ nio4r (indirect, 2.1.0 → 2.3.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 63 commits:
v2.3.1Merge pull request #188 from socketry/fix-remove-interestsBump version.Don't preemptively update monitor->interests. Fixes #187.Merge pull request #186 from olleolleolle/patch-4Travis: use jruby-9.1.17.0v2.3.02018Merge pull request #183 from socketry/allow-interests-nilFix trailing whitespace.Fix C implementation.Also handle nil interests in JRuby implementation.Allow Monitor#interests=nil in pure Ruby implementation.Only update interests if they have changed.Handle Monitor#interests = nilv2.2.0Merge pull request #181 from socketry/rubocop-0-52-1Update to RuboCop 0.52.1Merge pull request #180 from socketry/better-port-h-checkext/nio4r/extconf.rb: check for port_event_t in port.h (fixes #178)Merge pull request #179 from tompng/rb_funcall_fixgem update --system before installadd 2.5.0 to .travis.ymlfix rb_funcall argument(when argc=0)Merge pull request #177 from socketry/fix-jruby-bytebuffer-string-conversionsFix ByteBuffer string conversions on JRubyMerge pull request #175 from olleolleolle/patch-4udp_socket_spec: Not on JRubyTravis: jruby-9.1.15.0Merge pull request #174 from socketry/rubocop-0-51Update RuboCop to 0.51Remove .ruby-versionMerge pull request #170 from HoneyryderChuck/cancelled_keycall SelectionKey#isValid before readyOps, to prevent CancelledKeyExceptiontest inconsistency of readiness when the selectable has been closedadded first draft of testreverted changespreventing CancelledKeyException, which randomly happens when selector selects an already closed keyMerge pull request #173 from socketry/fix-cispec: Use 127.0.0.1 instead of localhost (fixes #172)Merge pull request #171 from olleolleolle/patch-3Travis: latest JRubyMerge pull request #165 from olleolleolle/patch-3Travis: jruby-9.1.13.0Merge pull request #164 from HoneyryderChuck/bufferleakmoved buffer initialization to allocateinitialize buffer, as initialization may fail to mallocate the bufferfree char buffer when cleaning up ByteBuffer objectMerge pull request #162 from larskanis/dont-build-ext-on-windowsDon't build the extension on WindowsMerge pull request #157 from MSP-Greg/mingw_tests_1Windows / MinGW test failure - fix spec_helper.rbMerge pull request #155 from olleolleolle/patch-3Travis: jruby-9.1.12.0Add Appveyor badgeMerge pull request #153 from unak/patch-1Merge branch 'master' into patch-1Merge pull request #154 from socketry/appveyorappveyor.yml: Initial configurationSupport mswinSupport mswinMerge pull request #151 from socketry/configurable-backendsNIO::Selector: Support for enumerating and configuring backend
↗ ️ nokogiri (indirect, 1.8.0 → 1.8.5) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ rack (indirect, 2.0.3 → 2.0.6) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 19 commits:
Bumping version for releaseWhitelist http/https schemesReduce buffer size to avoid pathological parsingMerge tag '2.0.5' into 2-0-stableMerge pull request #1296 from tomelm/fix-prefers-plaintextBump version for releaseMerge pull request #1268 from eileencodes/forwardport-pr-1249-to-2-0-stableMerge pull request #1249 from mclark/handle-invalid-method-parametersStick with a passing version of Rubygems and bundlerLeahizeBumping versionwebrick: remove concurrent-ruby dev dependencyMerge pull request #1190 from hugoabonizio/masterMerge pull request #1193 from tompng/multipart_less_memoryMerge pull request #1192 from jkowens/masterMerge pull request #1179 from tompng/masterMerge pull request #1151 from cremno/simplify-some-string-creationsMerge pull request #1189 from lugray/fix_rack_lockRequire the right file for the digest we're using
↗ ️ rack-test (indirect, 0.6.3 → 1.1.0) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ rails-html-sanitizer (indirect, 1.0.3 → 1.0.4) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 16 commits:
Prepare to 1.0.4 releaseMake sure we address CVE-2018-8048Remove rbx since it doesn't seem to install.Merge pull request #66 from fschwahn/improve-testsFix deprecation warning from MinitestMake tests pass again with recent nokogiri versionsRename test to better reflect what is actually testedtyposWe're still testing against ruby 1.9 and 2.0 that aren't supported by nokogiri 1.7activesupport 5 doesn't support ruby < 2.2.2 that are still tested in this repobundle with the newest released bundlerTest against newer released rubies[ci skip] Remove faulty overrides in scrubber example.[ci skip] Change override method in PermitScrubber.Merge pull request #47 from pvalena/patch-1Correct license filename
↗ ️ railties (indirect, 5.1.1 → 5.1.6.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 59 commits:
Preparing for 5.1.6.1 releasePreparing for 5.1.6 releaseAdd CHANGELOG entry for minimum ruby version checkMerge pull request #32252 from bogdanvlviv/fix-changelogs-of-5-1-stable-30748Compare ruby version with correct wayFix `test_config_another_database` failureMerge pull request #32310 from sodabrew/mysql2-0.4-0.5Fix changelog entries of `5-1-stable` [ci skip]Merge pull request #31901 from Kevinrob/patch-1Preparing for 5.1.5 releasePreparing for 5.1.5.rc1 release`Minitest::Result` can't use in 5-1-stableMerge pull request #31624 from y-yagi/fix_minitest_511Merge pull request #31671 from larskanis/pg-1.0Handle `FrozenError` if it is availableMerge pull request #31355 from rails/fix-rails-env-with-rubyBackport #30748 for redis-rb 4.0 supportMerge pull request #30468 from greysteil/backport-changelog-linksBackport #30579Merge pull request #29146 from y-yagi/fix_29138Preparing for 5.1.4 releaseAdd source code and changelog link to railties.gemspecUpdate changelog headers for 5.1.4.rc1Preparing for 5.1.4.rc1 releaseAdd test case to make sure Parameters configuration are executed onceMerge pull request #29010 from y-yagi/fix_28988Merge pull request #30115 from intrip/30049-application-controller-renderer-defaults-automatic-reload-in-devMerge branch '5.1.3' into 5-1-stablePreparing for 5.1.3 releaseMerge branch '5.1.3' into 5-1-stablePreparing for 5.1.3.rc3 releasePreparing for 5.1.3.rc2 release[ci skip] Add regression changelog entry for #29926.Merge pull request #29926 from pawandubey:fix-test-with-absolute-pathsMerge pull request #29926 from pawandubey:fix-test-with-absolute-pathsMerge pull request #29898 from deivid-rodriguez/follow_up_to_multiple_location_engine_mountingMerge pull request #29898 from deivid-rodriguez/follow_up_to_multiple_location_engine_mountingMerge pull request #29902 from y-yagi/fix_29880Preparing for 5.1.3.rc1 releaseMerge pull request #29821 from y-yagi/set_rails_env_before_load_application_fileMerge pull request #29772 from y-yagi/allow_to_edit_secrets_in_mutiple_applications_at_the_same_timeFix template format check.Fix root not being defined on Travis.Fix mattr_reader usage to 5.1 style.Merge pull request #29572 from kaspth/test-runner-no-eager-requireMerge pull request #29705 from y-yagi/do_not_update_secrets_yml_encMerge pull request #29721 from y-yagi/fix_29696Merge pull request #29725 from y-yagi/fix_29717Merge pull request #29662 from deivid-rodriguez/engine_multiple_mount_pointsForce ActionController::Base lazy laod hooks to runPreparing for 5.1.2 releasePreparing for 5.1.2.rc1 releaseMerge pull request #29482 from Edouard-chin/test-load-path[ci skip] Add changelog entry for ff7ec79.Access EDITOR through Ruby's cross-platform ENV.Merge pull request #29238 from ashishg-qburst/generatorMerge pull request #29195 from kaspth/rails-secrets-better-edit-exceptionUpdate system test runner docsFix the changelogs.
↗ ️ rake (indirect, 12.0.0 → 12.3.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ sprockets (indirect, 3.7.1 → 3.7.2) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 5 commits:
↗ ️ sprockets-rails (indirect, 3.2.0 → 3.2.1) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 16 commits:
Only use caller_locations in Rails 5Check if the method exists in the right moduleTest with Rails 5.1 and Ruby 2.4.1Use compatible version of sass in old rubiesAlways use the supported version of nokogiri in that rubyMerge pull request #394 from rails/schneems/fix-testsPrepare to 3.2.1 releaseMerge pull request #409 from junaruga/hotfix/undefined-metohd-split-for-nil-classFix a test failure for undefined method `split' for nil:NilClass.Merge pull request #404 from junaruga/feature/readme-badge-masterSpecify master branch for Travis build status image.Fix testsMerge pull request #383 from EiNSTeiN-/patch-1Be more specific with required fileMerge pull request #380 from dreyks/patch-1fix changelog entry about unknown_asset_fallback
↗ ️ thor (indirect, 0.19.4 → 0.20.3) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗ ️ tzinfo (indirect, 1.2.3 → 1.2.5) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 16 commits:
Preparing v1.2.5.Update copyright years.Use Ruby 1.8 compatible syntax.Document that utc_offset and std_offset may be inaccurate with zoneinfo.Allow zoneinfo offset derivation to pick a negative std_offset.Don't store lazily-evaluated results if the object has been frozen.Remove unnecessary calls to Country.get in tests.Restore $SAFE after running a safe mode test (if possible).Disable Minitest's use of external diff tools during safe mode tests.Add Ruby 2.5.0 and update to the latest Ruby, JRuby and Rbx releases.Replace expired gem signing certificate.Preparing v1.2.4.Update bundler before installing gems.Use the Trusty build environment.Update to Ruby 2.2.8, 2.3.5, 2.4.2, JRuby 1.7.27, 9.1.13.0 and rbx 3.86.Ignore the leapseconds file included in v2017c+ zoneinfo directories.
↗ ️ websocket-extensions (indirect, 0.1.2 → 0.1.3) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by 20 commits:
Bump version to 0.1.3.Bump Ruby versions on Travis.Header parser should accept uppercase letters.Fix the version of Rubygems that Travis is using on Ruby 1.9.Use an https: link to github in the gemspec.Merge pull request #4 from EdwardBetts/spellingcorrect spelling mistakeUpdate Ruby versions in Travis config.Merge pull request #3 from junaruga/feature/travis-ruby-headAdd Ruby 2.4.1 to .travis.ymlBump Ruby versions 2.2 and 2.3 on Travis.Remove Rubinius from the build as it hasn't worked on Travis for weeks.Update Ruby versions for Travis.Update the Ruby versions used on Travis.Separate the license textCreate CODE_OF_CONDUCT.md.Update Rubies for Travis: 2.1.7, 2.2.3, jruby-9, rbx-2.5.Test on Ruby 2.2.1.Reversing the previous commit; generateResponse() should throw on invalid heders (as should activate()), because the server should fail the connection in this event.If the header from the client is invalid, just ignore it and build a pipeline with no sessions.
🆕 crass (added, 1.0.4)
🆕 mini_mime (added, 1.0.1)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.
All Depfu comment commands
- @depfu rebase
- Rebases against your default branch and redoes this update
- @depfu merge
- Merges this PR once your tests are passing and conflicts are resolved
- @depfu reopen
- Restores the branch and reopens this PR (if it's closed)
- @depfu pause
- Ignores all future updates for this dependency and closes this PR
- @depfu pause [minor|major]
- Ignores all future minor/major updates for this dependency and closes this PR
- @depfu resume
- Future versions of this dependency will create PRs again (leaves this PR as is)