Bump the production-dependencies group with 6 updates #21

Closed

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2024

Bumps the production-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| bootsnap | 1.17.0 | 1.18.3 |
| graphql | 2.1.6 | 2.2.11 |
| pg | 1.5.4 | 1.5.5 |
| puma | 6.4.0 | 6.4.2 |
| rails | 7.1.2 | 7.1.3.2 |
| rubocop-rails | 2.22.2 | 2.23.1 |

Updates bootsnap from 1.17.0 to 1.18.3

Changelog

Sourced from bootsnap's changelog.

1.18.3

  • Fix the cache corruption issue in the revalidation feature. See #474. The cache revalidation feature remains opt-in for now, until it is more battle tested.

1.18.2

  • Disable stale cache entries revalidation by default as it seems to cause cache corruption issues. See #471 and #474. Will be re-enabled in a future version once the root cause is identified.
  • Fix a potential compilation issue on some systems. See #470.

1.18.1

  • Handle EPERM errors when opening files with O_NOATIME.

1.18.0

  • Bootsnap.instrumentation now receive :hit events.
  • Add Bootsnap.log_stats! to print hit rate statistics on process exit. Can also be enabled with BOOTSNAP_STATS=1.
  • Revalidate stale cache entries by digesting the source content. This should significantly improve performance in environments where mtime isn't preserved (e.g. CI systems doing a git clone, etc). See #468.
  • Open source files and cache entries with O_NOATIME when available to reduce disk accesses. See #469.
  • bootsnap precompile --gemfile now look for .rb files in the whole gem and not just the lib/ directory. See #466.

1.17.1

  • Fix a compatibility issue with the prism library that ships with Ruby 3.3. See #463.
  • Improved the Kernel#require decorator to not cause a method redefinition warning. See #461.
Commits
  • 48c08b0 Release 1.18.3
  • 08cd0d9 Merge pull request #476 from Shopify/fix-revalidation
  • ad189d1 Fix a cache corruption issue during revalidation
  • 2dba040 Release 1.18.2
  • 38554bb Merge pull request #475 from Shopify/disable-revalidation-by-default
  • a5b46d0 Disable stale cache entries revalidation by default
  • 4b6d40e Merge pull request #473 from Shopify/gnu-source
  • 33754b4 Define _GNU_SOURCE properly
  • d4b4666 Workaround fdatasync bug on macOS
  • c88b4bd Include errno_provenance in sys_err messages
  • Additional commits viewable in compare view

Updates graphql from 2.1.6 to 2.2.11

Changelog

Sourced from graphql's changelog.

2.2.11 (27 Feb 2024)

New features

  • Sentry: support transaction names in tracing #4853

Bug fixes

  • Tracing: handle unknown trace modes at runtime #4856

2.2.10 (20 Feb 2024)

New features

  • Parser: support directives on variable definitions #4847

Bug fixes

  • Fix compatibility with Ruby 3.4 #4846
  • Tracing: Fix applying default options to non-default modes #4849, #4850

2.2.9 (15 Feb 2024)

New features

  • Complexity: Treat custom Connection fields as metadata (like totalCount), not as if they were evaluated for each item in the list #4842
  • Subscriptions: Serialize ActiveRecord::Relations given to .trigger #4840

Bug fixes

  • Complexity: apply configured complexity ... to connection fields #4841
  • Authorization: properly handle Resolver arguments that return false for #authorized? #4839

2.2.8 (7 Feb 2024)

New features

  • Responses have "errors" before "data", as recommended by the GraphQL spec #4823

Bug fixes

  • Sentry: fix integration with other trace modules #4830
  • Sentry: fix when child span is nil (test environments) #4828
  • Remove needless Base64 backport #4820
  • Fix module arrangement to support RDoc #4819

2.2.7 (29 Jan 2024)

Deprecations

... (truncated)

Commits

Updates pg from 1.5.4 to 1.5.5

Changelog

Sourced from pg's changelog.

v1.5.5 [2024-02-15] Lars Kanis [email protected]

  • Explicitly retype timespec fields to int64_t to fix compatibility with 32bit arches. #547
  • Fix possible buffer overflows in PG::BinaryDecoder::CopyRow on 32 bit systems. #548
  • Add binary Windows gems for Ruby 3.3.
  • Update Windows fat binary gem to OpenSSL-3.2.1 and PostgreSQL-16.2.
Commits
  • daec80f Add release notes for pg-1.5.5
  • 72cdd6b Add ruby-3.3 to windows binary gems
  • d99a6b4 Bump VERSION to 1.5.5
  • f74a371 Update openssl and postgresql versions for binary gems
  • 5c105f2 Update OpenSSL and PostgreSQL versions for Windows binary gem
  • 2218ebf Print the contant of "setup.log" on failure
  • babfda4 Work around an logging issue on Windows
  • 1c67bbf Merge pull request #549 from jackorp/dont_ship_po_files
  • 99119b1 Don't ship POT files in gem.
  • dfd5f59 Merge pull request #548 from larskanis/fix-x86
  • Additional commits viewable in compare view

Updates puma from 6.4.0 to 6.4.2

Release notes

Sourced from puma's releases.

6.4.1

  • Bugfixes

    • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
    • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
    • Fix worker 0 timing out during phased restart (#3225, #2786)
    • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
    • Make puma cluster process suitable as PID 1 (#3255)
    • Improve Puma::NullIO consistency with real IO (#3276)
    • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
    • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
    • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)
  • Maintenance

    • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
    • Fix bug in tests re: TestPuma::HOST4 (#3254)
    • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
    • fix define_method calls, use Symbol parameter instead of String (#3293)
  • Docs

    • README.md - add the puma-acme plugin (#3301)
    • Remove --keep-file-descriptors flag from systemd docs (#3248)
    • Note symlink mechanism in restart documentation for hot restart (#3298)
Changelog

Sourced from puma's changelog.

6.4.2 / 2024-01-08

  • Security
    • Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

6.4.1 / 2024-01-03

  • Bugfixes

    • DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
    • Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
    • Fix worker 0 timing out during phased restart (#3225, #2786)
    • context_builder.rb - require openssl if verify_mode != 'none' (#3179)
    • Make puma cluster process suitable as PID 1 (#3255)
    • Improve Puma::NullIO consistency with real IO (#3276)
    • extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
    • MiniSSL.java - set serialVersionUID, fix RaiseException deprecation (#3270)
    • dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265, #3264)
  • Maintenance

    • LOTS of test refactoring to make tests more stable and easier to write - thanks to @​MSP-Greg!
    • Fix bug in tests re: TestPuma::HOST4 (#3254)
    • Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed (#3245)
    • fix define_method calls, use Symbol parameter instead of String (#3293)
  • Docs

    • README.md - add the puma-acme plugin (#3301)
    • Remove --keep-file-descriptors flag from systemd docs (#3248)
    • Note symlink mechanism in restart documentation for hot restart (#3298)
Commits

Updates rails from 7.1.2 to 7.1.3.2

Release notes

Sourced from rails's releases.

v7.1.3.2

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • No changes.

Action Pack

  • Fix raise_on_missing_translations not working correctly with the translate method in controllers after the patch for CVE-2024-26143.

Active Job

  • No changes.

Action Mailer

  • No changes.

Action Cable

  • No changes.

... (truncated)

Commits
  • 6f0d1ad Preparing for 7.1.3.2 release
  • c25f0fc Respect raise_on_missing_ in controller
  • d73ed95 Preparing for 7.1.3.1 release
  • 43037d8 update changelog
  • 5187a9e fix XSS vulnerability when using translation
  • b4d3bfb Fix ReDoS in accept header scanning
  • 36c1591 Preparing for 7.1.3 release
  • a84622f Sync changelog
  • 1f505f0 Merge pull request #50771 from rails/backport-preview-nplus1
  • d8a8dd9 Merge pull request #50758 from rails/fix-video-preview-nplus1
  • Additional commits viewable in compare view

Updates rubocop-rails from 2.22.2 to 2.23.1

Release notes

Sourced from rubocop-rails's releases.

RuboCop Rails 2.23.1

Bug fixes

  • #1221: Fix an exception in Rails/WhereNot when calling .where on an implicit receiver (e.g. inside model code). (@​bquorning)

RuboCop Rails 2.23.0 (The RubyConf Taiwan 2023 Edition)

New features

Bug fixes

  • #1206: Fix an error for Rails/WhereMissing where join method is called without arguments. (@​fatkodima)
  • #1189: Fix false negatives for Rails/Pluck when using safe navigation method calls. (@​koic)
  • #1204: Make Rails/ActiveSupportAliases, Rails/FindBy, Rails/FindById, Rails/Inquiry, Rails/Pick Rails/PluckId, Rails/PluckInWhere, Rails/WhereEquals, Rails/WhereExists, and Rails/WhereNot cops aware of safe navigation operator. (@​koic)

Changes

Changelog

Sourced from rubocop-rails's changelog.

2.23.1 (2023-12-25)

Bug fixes

  • #1221: Fix an exception in Rails/WhereNot when calling .where on an implicit receiver (e.g. inside model code). (@bquorning)

2.23.0 (2023-12-16)

New features

Bug fixes

  • #1206: Fix an error for Rails/WhereMissing where join method is called without arguments. (@fatkodima)
  • #1189: Fix false negatives for Rails/Pluck when using safe navigation method calls. (@koic)
  • #1204: Make Rails/ActiveSupportAliases, Rails/FindBy, Rails/FindById, Rails/Inquiry, Rails/Pick Rails/PluckId, Rails/PluckInWhere, Rails/WhereEquals, Rails/WhereExists, and Rails/WhereNot cops aware of safe navigation operator. (@koic)

Changes

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [bootsnap](https://github.com/Shopify/bootsnap) | `1.17.0` | `1.18.3` |
| [graphql](https://github.com/rmosolgo/graphql-ruby) | `2.1.6` | `2.2.11` |
| [pg](https://github.com/ged/ruby-pg) | `1.5.4` | `1.5.5` |
| [puma](https://github.com/puma/puma) | `6.4.0` | `6.4.2` |
| [rails](https://github.com/rails/rails) | `7.1.2` | `7.1.3.2` |
| [rubocop-rails](https://github.com/rubocop/rubocop-rails) | `2.22.2` | `2.23.1` |


Updates `bootsnap` from 1.17.0 to 1.18.3
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](Shopify/bootsnap@v1.17.0...v1.18.3)

Updates `graphql` from 2.1.6 to 2.2.11
- [Release notes](https://github.com/rmosolgo/graphql-ruby/releases)
- [Changelog](https://github.com/rmosolgo/graphql-ruby/blob/master/CHANGELOG.md)
- [Commits](rmosolgo/graphql-ruby@v2.1.6...v2.2.11)

Updates `pg` from 1.5.4 to 1.5.5
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.md)
- [Commits](ged/ruby-pg@v1.5.4...v1.5.5)

Updates `puma` from 6.4.0 to 6.4.2
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v6.4.0...v6.4.2)

Updates `rails` from 7.1.2 to 7.1.3.2
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](rails/rails@v7.1.2...v7.1.3.2)

Updates `rubocop-rails` from 2.22.2 to 2.23.1
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-rails@v2.22.2...v2.23.1)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: graphql
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: puma
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: rubocop-rails
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 1, 2024
Contributor Author

dependabot bot commented on behalf of github Apr 1, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Apr 1, 2024
@dependabot dependabot bot deleted the dependabot/bundler/production-dependencies-3ae302ed5a branch April 1, 2024 12:26