chanzuckerberg / sorbet-rails

A set of tools to make the Sorbet typechecker work with Ruby on Rails seamlessly.
MIT License
638 stars 84 forks source link

Update sqlite3 requirement from ~> 1.4.1 to ~> 1.5.4 #524

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Updates the requirements on sqlite3 to permit the latest version.

Release notes

Sourced from sqlite3's releases.

1.5.4 / 2022-11-18

Dependencies

  • Vendored sqlite is updated to v3.40.0.

sha256 checksums:

6b5df9845b54de0933e829c40b222100c7bd5190c53adfd88a19bfafd4520132  sqlite3-1.5.4-aarch64-linux.gem
cfed00e8f9200ea38451856e53e891dc11d3297e95120f1f2879ec8000169941  sqlite3-1.5.4-arm-linux.gem
6e70813a40bc4524623f0d66b96cf3068397973c661ca33773f85cc3e49141a6  sqlite3-1.5.4-arm64-darwin.gem
186bcdd7869b9098f9091640c7e6b250951988eb9f0d92f05e5160b64bed0000  sqlite3-1.5.4-x64-mingw-ucrt.gem
28a4daf8386d67590f86f32284229de2fa66c7e19389fc7e18c60143be616729  sqlite3-1.5.4-x64-mingw32.gem
495757cc3d65484055706adf416ea3ce8040c4b5847d7a3e959e7f22a1990739  sqlite3-1.5.4-x86-linux.gem
d5db3d52c9bfffc172eaae265cb367ad6f8ee99e15deb3386c97889ef1673a95  sqlite3-1.5.4-x86_64-darwin.gem
28a91539287a4a19d1beb1b168cbbec969eda3035a1c8c9208475d9765152f89  sqlite3-1.5.4-x86_64-linux.gem
5d4f6bed23a629651c965f5107861f11df479d74eeef3a70d6ec702f28112101  sqlite3-1.5.4.gem
Changelog

Sourced from sqlite3's changelog.

1.5.4 / 2022-11-18

Dependencies

  • Vendored sqlite is updated to v3.40.0.

1.5.3 / 2022-10-11

Fixed

  • Fixed installation of the "ruby" platform gem when building from source on Fedora. In v1.5.0..v1.5.2, installation failed on some systems due to the behavior of Fedora's pkg-config implementation. #355

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. #352

1.5.1 / 2022-09-29

Dependencies

  • Vendored sqlite is updated to v3.39.4.

Security

The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:

Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update.

In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

For more information please see GHSA-mgvv-5mxp-xq67.

1.5.0 / 2022-09-08

Packaging

Faster, more reliable installation

... (truncated)

Commits
  • beaa142 version bump to v1.5.4
  • a1cdafa Merge pull request #362 from sparklemotion/flavorjones-update-to-3_40_0
  • d5ece08 dep: update packaged sqlite3 to v3.40.0
  • 9ef3c1b ci: add dependencies.yml to actions/cache key
  • c1eb06d Merge pull request #361 from sparklemotion/flavorjones-allow-experimental-builds
  • 1c60661 ci: periodically run tests against upstream sqlite
  • a8f4010 dev: add ability to build against an arbitrary sqlite source tree
  • 72836be Merge pull request #347 from sparklemotion/flavorjones-truffleruby-gem-install
  • 12fc329 version bump to v1.5.3
  • 5ec7855 Merge pull request #355 from sparklemotion/354-work-around-fedora-pkgconf-lib...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 2 years ago

Codecov Report

Merging #524 (248c6f8) into master (447ecbe) will decrease coverage by 0.03%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #524      +/-   ##
==========================================
- Coverage   97.48%   97.44%   -0.04%     
==========================================
  Files         115      115              
  Lines        2978     2978              
==========================================
- Hits         2903     2902       -1     
- Misses         75       76       +1     
Impacted Files Coverage Δ
spec/sorbet_spec.rb 84.21% <0.00%> (-2.64%) :arrow_down:

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

dependabot[bot] commented 1 year ago

Superseded by #533.