Bumps ffi from 1.9.8 to 1.11.0. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ffi/CVE-2018-1000201.yml).*
> **ruby-ffi DLL loading issue on Windows OS**
> ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be
> hijacked on Windows OS, when a Symbol is used as DLL name instead of a String.
> This vulnerability appears to have been fixed in v1.9.24 and later.
>
> Patched versions: >= 1.9.24
> Unaffected versions: none
Changelog
*Sourced from [ffi's changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md).*
> 1.11.0 / 2019-05-17
> -------------------
>
> Added:
> * Add ability to disable or force use of system libffi. [#669](https://github-redirect.dependabot.com/ffi/ffi/issues/669)
> Use like `gem inst ffi -- --enable-system-libffi` .
> * Add ability to call FFI callbacks from outside of FFI call frame. [#584](https://github-redirect.dependabot.com/ffi/ffi/issues/584)
> * Add proper documentation to FFI::Generator and ::Task
> * Add gemspec metadata. [#696](https://github-redirect.dependabot.com/ffi/ffi/issues/696), [#698](https://github-redirect.dependabot.com/ffi/ffi/issues/698)
>
> Changed:
> * Fix stdcall on Win32. [#649](https://github-redirect.dependabot.com/ffi/ffi/issues/649), [#669](https://github-redirect.dependabot.com/ffi/ffi/issues/669)
> * Fix load paths for FFI::Generator::Task
> * Fix FFI::Pointer#read_string(0) to return a binary String. [#692](https://github-redirect.dependabot.com/ffi/ffi/issues/692)
> * Fix benchmark suite so that it runs on ruby-2.x
> * Move FFI::Platform::CPU from C to Ruby. [#663](https://github-redirect.dependabot.com/ffi/ffi/issues/663)
> * Move FFI::StructByReference to Ruby. [#681](https://github-redirect.dependabot.com/ffi/ffi/issues/681)
> * Move FFI::DataConverter to Ruby ([#661](https://github-redirect.dependabot.com/ffi/ffi/issues/661))
> * Various cleanups and improvements of specs and benchmarks
>
> Removed:
> * Remove ruby-1.8 and 1.9 compatibility code. [#683](https://github-redirect.dependabot.com/ffi/ffi/issues/683)
> * Remove unused spec files. [#684](https://github-redirect.dependabot.com/ffi/ffi/issues/684)
>
>
> 1.10.0 / 2019-01-06
> -------------------
>
> Added:
> * Add /opt/local/lib/ to ffi's fallback library search path. [#638](https://github-redirect.dependabot.com/ffi/ffi/issues/638)
> * Add binary gem support for ruby-2.6 on Windows
> * Add FreeBSD on AArch64 and ARM support. [#644](https://github-redirect.dependabot.com/ffi/ffi/issues/644)
> * Add FFI::LastError.winapi_error on Windows native or Cygwin. [#633](https://github-redirect.dependabot.com/ffi/ffi/issues/633)
>
> Changed:
> * Update to rake-compiler-dock-0.7.0
> * Use 64-bit inodes on FreeBSD >= 12. [#644](https://github-redirect.dependabot.com/ffi/ffi/issues/644)
> * Switch time_t and suseconds_t types to long on FreeBSD. [#627](https://github-redirect.dependabot.com/ffi/ffi/issues/627)
> * Make register_t long_long on 64-bit FreeBSD. [#644](https://github-redirect.dependabot.com/ffi/ffi/issues/644)
> * Fix Pointer#write_array_of_type [#637](https://github-redirect.dependabot.com/ffi/ffi/issues/637)
>
> Removed:
> * Drop binary gem support for ruby-2.0 and 2.1 on Windows
>
>
> 1.9.25 / 2018-06-03
> -------------------
>
> Changed:
> * Revert closures via libffi.
> ... (truncated)
Commits
- [`9b4a9e4`](https://github.com/ffi/ffi/commit/9b4a9e450a4f78bf569ad8b6497bd6b4e8ec82d3) Add version 1.11.0 to CHANGELOG
- [`36f1bb5`](https://github.com/ffi/ffi/commit/36f1bb55aa0712fa8ea5431cfb9d94ebc2a34372) Bump VERSION to 1.11.0
- [`29c07a9`](https://github.com/ffi/ffi/commit/29c07a94fadfb644c28741f744ab9a3fda3e544c) Pass options from rake task to the FFI::Generator
- [`7efdd2e`](https://github.com/ffi/ffi/commit/7efdd2ecbb8ab2df56aecade9c82fd48eb71969f) Include the name of the template file instead of just rake
- [`bc99b7e`](https://github.com/ffi/ffi/commit/bc99b7efa78afc150fe32d09579a11c8990aaf84) Add proper documentation to FFI::Generator and ::Task
- [`17e13e2`](https://github.com/ffi/ffi/commit/17e13e27e3e9c5f5fcb30a03662d05e34d3a6e19) Fix load paths for FFI::Generator::Task
- [`423082a`](https://github.com/ffi/ffi/commit/423082adb31e83e528ff4fc1e999fdd279e98dc2) Add require call necessary to load from ffi/tools directory to example
- [`b144bce`](https://github.com/ffi/ffi/commit/b144bce791fbd1149c7ec10eaed11821ea7ea01a) Fix example for FFI::StructGenerator
- [`72b75af`](https://github.com/ffi/ffi/commit/72b75aff41d482e0924c206cba3a54c5ccca09b8) Merge pull request [#698](https://github-redirect.dependabot.com/ffi/ffi/issues/698) from olleolleolle/patch-2
- [`1bda3ef`](https://github.com/ffi/ffi/commit/1bda3ef1f6f415a8f32ad5581c5692fa0042ee18) Merge pull request [#695](https://github-redirect.dependabot.com/ffi/ffi/issues/695) from eregon/more-specs
- Additional commits viewable in [compare view](https://github.com/ffi/ffi/compare/1.9.8...1.11.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.