Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/buzzn/core/network/alerts).
Bumps rack, rails and activerecord. These dependencies needed to be updated together. Updates
rackfrom 1.6.13 to 2.2.3Commits
1741c58bump version5ccca47When parsing cookies, only decode the valuesa5e80f0Bump version.b0de37dRemove trailing whitespace.1a784e5Prepare CHANGELOG for next patch release.a0d57d4Fix to handle same_site option for session poola9b223bEnsure full match. Fixes #1590.f4c5645Double assignment is still needed to prevent an "unused variable" warning5c121ddRevert "Update Thin handler to better handle more options"961d976Prepare point release.Updates
railsfrom 4.2.11.1 to 5.2.4.3Release notes
Sourced from rails's releases.
Commits
7b5cc5aPreparing for 5.2.4.3 release559cce2updating changelog3c806b9bumping version9cb66f6update changelogfbc7becCheck that request is same-origin prior to including CSRF token in XHRsd124f19HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a ...467e339activesupport: Deprecate Marshal.load on raw cache read in RedisCacheStoref7e077factivesupport: Avoid Marshal.load on raw cache value in MemCacheStore7a3ee4fReturn self when calling #each, #each_pair, and #each_value instead of the ra...e8df564Include Content-Length in signature for ActiveStorage direct uploadUpdates
activerecordfrom 4.2.11.1 to 5.2.4.3Release notes
Sourced from activerecord's releases.
Commits
7b5cc5aPreparing for 5.2.4.3 release3c806b9bumping version4dcc543update versionac30e38Preparing for 5.2.4.1 release8bec77cPreparing for 5.2.4 release9e2a341Preparing for 5.2.4.rc1 release1c070a5Merge pull request #37747 from bradleyprice/check-association-loaded-across-c...4074c06Merge pull request #36526 from yahonda/test_statement_cache_with_in_clause_pgfde4401Fix random CI failure due to non-deterministic sorting order94b6887Merge pull request #37489 from giraffate/fix_random_ci_failure_due_to_non-det...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/buzzn/core/network/alerts).