search

gate-sso / gate

Gate is MFA Enabled SSO Platform that supports SAML, OAuth, Linux shell login and CAS
https://gate-sso.github.io
MIT License
203 stars 52 forks source link

Bump activerecord-session_store and rails #208

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps activerecord-session_store and rails. These dependencies needed to be updated together. Updates activerecord-session_store from 1.1.3 to 2.0.0

Release notes

Sourced from activerecord-session_store's releases.

Version 2.0.0

  • Drop support to Rails < 5.2 and Ruby < 2.2 (5db9171)
  • Fix compatibility issue with ruby-head (#159)
  • Fix CVE-2019-25025 vulnerability (#151)
  • Add db:sessions:upgrade rake task to upgrade all existing sessions to the secure version (c23358c)

Please see CVE-2019-25025 mitigation section in the README file for more information about security vulnerability and mitigation.

Commits
  • 78e0047 Bump to 2.0.0
  • c23358c Move secure migration into a rake task
  • 1973f37 Update styling in README.md
  • b1f36fb Update build matrix
  • c16ddd2 Merge pull request #175 from thorsteneckel/patch-1
  • 4b705d9 Migration can not rolled back as sessions are now secure hashes. Thanks to @​n...
  • 90a4cb2 Applied suggestions by @​kratob
  • 59755d3 Added documentation on how to mitigate CVE-2015-9284.
  • 9d4dd11 Merge pull request #151 from rails-lts/secure-session-store
  • 532a9a5 Merge remote-tracking branch 'upstream/master' into secure-session-store
  • Additional commits viewable in compare view


Updates rails from 5.1.6.2 to 7.0.3.1

Release notes

Sourced from rails's releases.

7.0.3

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

    Xavier Noria

  • Fixed MariaDB default function support.

    Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

    kaspernj

  • Fix remove_foreign_key with :if_exists option when foreign key actually exists.

    fatkodima

  • Remove --no-comments flag in structure dumps for PostgreSQL

    This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

    ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

    Alex Ghiculescu

  • Use the model name as a prefix when filtering encrypted attributes from logs.

    For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Commits
  • 04972d9 Preparing for 7.0.3.1 release
  • 0c68c1f updating version and changelog
  • 9529dc8 Change ActiveRecord::Coders::YAMLColumn default to safe_load
  • 3872bc0 Preparing for 7.0.3 release
  • 74beedc Remove incorrect tests
  • 54bd582 Merge pull request #44947 from jasonkarns/patch-3
  • 082e929 Merge pull request #45027 from rails/fix-tag-helper-regression
  • cd7700b Merge pull request #45016 from adrianna-chang-shopify/ac-fix-strict-loading-p...
  • f99f422 Merge pull request #45018 from lucthev/lt/strict-false
  • fd7dc8f Merge pull request #45013 from JohnAnon9771/fix/doc-active-record-querying
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gate-sso/gate/network/alerts).