🚨 [security] Update ffi: 1.9.14 → 1.10.0 (minor)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

↗️ ffi (indirect, 1.9.14 → 1.10.0) · Repo · Changelog

Security Advisories 🚨

🚨 ruby-ffi DDL loading issue on Windows OS

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be
hijacked on Windows OS, when a Symbol is used as DLL name instead of a String
This vulnerability appears to have been fixed in v1.9.24 and later.

Release Notes

1.10.0 (from changelog)

Added:

• Add /opt/local/lib/ to ffi's fallback library search path. #638
• Add binary gem support for ruby-2.6 on Windows
• Add FreeBSD on AArch64 and ARM support. #644
• Add FFI::LastError.winapi_error on Windows native or Cygwin. #633

Changed:

• Update to rake-compiler-dock-0.7.0
• Use 64-bit inodes on FreeBSD >= 12. #644
• Switch time_t and suseconds_t types to long on FreeBSD. #627
• Make register_t long_long on 64-bit FreeBSD. #644
• Fix Pointer#write_array_of_type #637

Removed:

• Drop binary gem support for ruby-2.0 and 2.1 on Windows

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ aruba (0.14.2 → 0.14.14) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ builder (indirect, 3.2.2 → 3.2.4) · Repo · Changelog

↗️ childprocess (indirect, 0.5.9 → 3.0.0) · Repo · Changelog

Release Notes

3.0.0

• #156: Remove unused rubyforge_project from gemspec
• #160: Remove extension to conditionally install ffi gem on Windows platforms
• #160: Remove runtime dependency on rake gem

2.0.0 (from changelog)

• #148: Drop support for Ruby 2.0, 2.1, and 2.2
• #149: Fix Unix fork reopen to be compatible with Ruby 2.6
• #152/#154: Fix hangs and permission errors introduced in Ruby 2.6 for leader processes of process groups

1.0.1 (from changelog)

• #143: Fix installs by adding rake gem as runtime dependency
• #147: Relax rake gem constraint from < 12 to < 13

1.0.0 (from changelog)

• #134: Add support for non-ASCII characters on Windows
• #132: Install ffi gem requirement on Windows only
• #128: Convert environment variable values to strings when posix_spawn enabled
• #141: Support JRuby on Java >= 9

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ contracts (indirect, 0.14.0 → 0.16.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 17 commits:

• v0.16.0
• Add a couple CHANGELOG entries. (#257)
• FIX: methods created with attr_* don't have a source_location. In that case just return the empty string.
• Add a `Contracts::Attrs` module containing attribute w/ contracts utilities. (#255)
• Fix StrictHash contract for extra keys (#254)
• Drop support for Ruby 1.8. (#256)
• Fix broken contracts.coffee link in README.
• adding task to add tag for new versions
• version 0.15.0
• add to readme.md info about running `rspec`
• fixes issue #242 - contract's return value is now enforced with blocks properly (#251)
• make specs less noisy to read by using declarative expectations (#245)
• Merge pull request #237 from eval/patch-1
• Fix contracts used in AR-models
• fix docs
• version bump in changelog
• version 0.14.0

↗️ cucumber (indirect, 2.4.0 → 4.1.0) · Repo · Changelog

Release Notes

4.1.0 (from changelog)

Changed

• Use cucumber-create-meta to produce the Meta message before the run.

• Updated gems:

  • cucumber-wire ~> 3.1.0
  • cucumber-core ~> 7.1.0
  • cucumber-gherkin ~> 14.0.1
    • Fix issue with empty feature files #1427
  • cucumber-messages ~> 12.2.0
  • cucumber-html-formatter ~> 7.0.0
    • Fix issue with Hook attachments #1420

Fixed

• AfterStep hook do not cause issue when running message formatter. #1433 - #1434

4.0.1 (from changelog)

Fixed

• force reference to diff-lcs to 1.3 as 1.4 introduced breaking changes.

4.0.0 (from changelog)

Changed

• log method can now be called with non-string objects and will run .to_s on them. #1410

Improved

• Display snippet when using undefined parameter type #1411

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cucumber-core (indirect, 1.5.0 → 7.1.0) · Repo · Changelog

Release Notes

7.1.0 (from changelog)

Changed

• Updated gems:
  • cucumber-gherkin ~> 14.0.1
  • cucumber-messages ~> 12.2.0

7.0.0 (from changelog)

Changed

• Updated monorepo libraries:
  • cucumber-gherkin ~> 13
  • cucumber-messages ~> 12

6.0.0 (from changelog)

Changed

• Update to Gherkin 10

Added

• Add envelope event, which are used when emitting Cucumber::Messages
• Add TestCaseCreated and TestStepCreated events, emitted when compiling a Pickle
• Add Id field to TestCase and TestStep
• Added rubocop (with todo file), and removed backports gems (#186, #182 tas50, luke-hill)

Removed

• Remove location for MultiLine arguments

5.0.2 (from changelog)

Changed

• Update to use Gherkin v8

5.0.1 (from changelog)

Removed

• Remove support for ruby 2.2 and below. 2.3 or higher is required now.

5.0.0 (from changelog)

Changed

• Update to use Gherkin v7

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cucumber-wire (indirect, 0.0.1 → 3.1.0) · Repo

Commits

See the full diff on Github. The new version differs by 74 commits:

• Release 3.1.0
• Bump cucumber / cucumber-core
• Merge pull request #32 from cucumber/gherkin-14
• Bump cucumber-messages to 12.2
• Merge pull request #30 from cucumber/renovate/configure
• Add renovate.json
• Post-releae 3.0.0
• Release 3.0.0
• Update CHANGELOG.md
• Merge pull request #29 from cucumber/cucumber-messages-12.1
• Emit Meta message at beginning of run
• Fix Changelog with correct version number
• Post-release 2.0.1
• Release 2.0.1
• Merge pull request #28 from cucumber/enable-circle-ci-windows-build
• Remove references to MultiJSON as it cuases issues on Windows build
• Update changelog after 2.0.0 release
• Release 2.0.0
• Fix changelog formatting
• Update Changelog after 1.2.0 release
• Release 1.2.0
• Update CHANGELOG.md
• Merge pull request #27 from cucumber/use-idgenerator-uuid
• Use IdGenerator::UUID
• Branch has been merged
• Merge branch 'gherkin-9' into fire-events
• Merge branch 'add-ids-to-elements' into fire-events
• Specify the branch that should fix the CI issues
• CircleCI does not like localhost but is ok with 127.0.0.1
• Enable CircleCI for Wire too
• DataTable do not need Location anymore
• WIP: Hooks now need an ID to be generated
• Merge pull request #11 from olleolleolle/feature/add-docs
• Update changelog post-release
• Release 1.1.0
• Branches gherkin-8 have been merged to master
• Clean spaces that are not real spaces
• Upgrade cucumber-expressions
• Fix a failing test
• gherkin-7 branch do not exist anymore, use gherkin-8 instead
• Merge pull request #22 from cucumber/gherkin-7
• update-gemspec tweaks
• Fix typo
• Build all branches
• Change branch syntax
• Update dependency
• Upgrade to gherkin 7
• Merge pull request #21 from cucumber/feature/updated_deps
• Update ruby/gem dependencies
• Merge pull request #17 from cucumber/ci-use-latest-jruby
• CI: Use JRuby 9.2.7.0
• Upgrade rubies, don't depend on git
• Upgrade changelog
• Local gems are loaded in a similar way to cucumber-ruby and cucumber-ruby-core
• Bump to cucumber-expressions 7.0.0
• Release 1.0.0 & Add contributing
• Merge #15 'Add feature describing expected serialization of docstrings'
• Add feature describing expected serialization of docstrings
• Merge #14 'Adapt to the move of Location to Cucumber::Core::Test'
• Fixes to work with modern Cucucmber-Ruby
• Adapt to the move of Location to Cucumber::Core::Test
• Merge pull request #13 from cucumber/changelog-add
• CHANGELOG add for cucumber/cucumber #251
• README: Explain background for gem
• README: Configuration section [ci skip]
• README: SVG build badge [ci skip]
• Merge pull request #10 from junaruga/feature/readme-add-build-status
• Add Travis Build Status to README.
• Merge pull request #9 from junaruga/feature/travis-drop-1.9-and-jruby
• Drop Ruby 1.9 and JRuby from supported platforms.
• Add ruby-head to Travis. (#8)
• Merge pull request #7 from junaruga/feature/travis-ruby-2.4
• Add Ruby 2.4 to Travis CI
• Add license

↗️ multi_json (indirect, 1.12.1 → 1.15.0) · Repo · Changelog

Release Notes

1.15.0 (from changelog)

• Improve detection of json_gem adapter

1.14.1 (from changelog)

• Fix a warning in Ruby 2.7

1.14.0 (from changelog)

• Support Oj 3.x gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 48 commits:

• Version 0.15.0
• Add 2.7 to a list of "supported" ruby versions
• Revert "Update multi_json.gemspec"
• Merge pull request #197 from eregon/fix-detection-json-gem
• Merge pull request #194 from bastelfreak/ruby27
• Fix detection for the json_gem adapter
• Update multi_json.gemspec
• Add Ruby 2.7 to test matrix
• Version 0.14.1
• Update changelog for 0.14.1
• Fix 2.7 warning
• Merge pull request #193 from orien/gem-metadata
• Add project metadata to the gemspec
• Version 0.14.0
• Remove ssh key signing
• Add changelog for 0.14
• Oj 2 and 3 support
• Fix CI
• Remove gemnasium
• Merge pull request #192 from igas/patch-2
• Fix codeclimate badge
• Version 1.13.1
• Fix missing stdlib set dependency in oj adapter
• Merge pull request #184 from josephpage/patch-1
• add changelog history for 0.13.0 release
• Version 0.13.0
• Fix copyright year in README
• Fix README typo
• Make Oj adapter handle JSON::ParseError correctly
• Sort out the README a bit
• Make CI utilize fresh rubygems and bundler
• Update CI rubies
• Merge pull request #180 from 284km/update_travis
• CI against Ruby 2.2.8/2.3.5/2.4.2
• Version 1.12.2
• Update bundler before running specs in CI
• Bump up some ruby versions for CI
• Renew my cert
• Tidy up gemspec a bit
• Merge pull request #177 from aried3r/patch-1
• Update README.md
• Specify different versions of json gem
• Add ruby 2.4 to travis
• Update some development dependencies
• Merge pull request #173 from jorgebraz/master
• Check if read IO object value is `blank?`
• Merge pull request #169 from app2641/typo
• Fix typo [ci skip]

🆕 activesupport (added, 6.0.3.2)

🆕 cucumber-create-meta (added, 1.0.0)

🆕 cucumber-cucumber-expressions (added, 10.2.1)

🆕 cucumber-gherkin (added, 14.1.0)

🆕 cucumber-html-formatter (added, 7.0.0)

🆕 cucumber-messages (added, 12.3.2)

🆕 cucumber-tag-expressions (added, 2.0.4)

🆕 middleware (added, 0.1.0)

🆕 minitest (added, 5.14.1)

🆕 protobuf-cucumber (added, 3.10.8)

🆕 sys-uname (added, 1.2.1)

🆕 thread_safe (added, 0.3.6)

🆕 tzinfo (added, 1.2.7)

🆕 zeitwerk (added, 2.4.0)

🗑️ gherkin (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[michaelmior]

@depfu rebase

[michaelmior]

@depfu rebase