uoft-tapp / tapp-cp

TA assignment and matching application (TAPP) & Contract Presentment helper (CP) at the Department of Computer Science, University of Toronto

[Security] Bump ffi from 1.9.23 to 1.10.0 #190

Open dependabot-preview[bot] opened 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps ffi from 1.9.23 to 1.10.0. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ffi/CVE-2018-1000201.yml).*

> **ruby-ffi DLL loading issue on Windows OS**
> ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be
> hijacked on Windows OS, when a Symbol is used as DLL name instead of a String.
> This vulnerability appears to have been fixed in v1.9.24 and later.
>
> Patched versions: >= 1.9.24
> Unaffected versions: none
Changelog

*Sourced from [ffi's changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md).*

> 1.10.0 / 2019-01-06
> -------------------
>
> Added:
> * Add /opt/local/lib/ to ffi's fallback library search path. [#638](https://github-redirect.dependabot.com/ffi/ffi/issues/638)
> * Add binary gem support for ruby-2.6 on Windows
> * Add FreeBSD on AArch64 and ARM support. [#644](https://github-redirect.dependabot.com/ffi/ffi/issues/644)
> * Add FFI::LastError.winapi_error on Windows native or Cygwin. [#633](https://github-redirect.dependabot.com/ffi/ffi/issues/633)
>
> Changed:
> * Update to rake-compiler-dock-0.7.0
> * Use 64-bit inodes on FreeBSD >= 12. [#644](https://github-redirect.dependabot.com/ffi/ffi/issues/644)
> * Switch time_t and suseconds_t types to long on FreeBSD. [#627](https://github-redirect.dependabot.com/ffi/ffi/issues/627)
> * Make register_t long_long on 64-bit FreeBSD. [#644](https://github-redirect.dependabot.com/ffi/ffi/issues/644)
> * Fix Pointer#write_array_of_type [#637](https://github-redirect.dependabot.com/ffi/ffi/issues/637)
>
> Removed:
> * Drop binary gem support for ruby-2.0 and 2.1 on Windows
>
>
> 1.9.25 / 2018-06-03
> -------------------
>
> Changed:
> * Revert closures via libffi.
>   This re-adds ClosurePool and fixes compat with SELinux enabled systems. [#621](https://github-redirect.dependabot.com/ffi/ffi/issues/621)
>
>
> 1.9.24 / 2018-06-02
> -------------------
>
> Security Note:
>
> This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush.
>
> Added:
> * Added a CHANGELOG file
> * Add mips64(eb) support, and mips r6 support. ([#601](https://github-redirect.dependabot.com/ffi/ffi/issues/601))
>
> Changed:
> * Update libffi to latest changes on master.
> * Don't search in hardcoded /usr paths on Windows.
> * Don't treat Symbol args different to Strings in ffi_lib.
> * Make sure size_t is defined in Thread.c. Fixes [#609](https://github-redirect.dependabot.com/ffi/ffi/issues/609)
Commits

- [`d976d4a`](https://github.com/ffi/ffi/commit/d976d4ac9845a008ac8637457565a350328a4b44) Bump VERSION to 1.10.0
- [`1efa8fb`](https://github.com/ffi/ffi/commit/1efa8fb77a5c87b1c77491a8349f511eaa8ec725) Update CHANGELOG
- [`d7d642d`](https://github.com/ffi/ffi/commit/d7d642d55110f96ed411bb3cea5883910885c331) Merge pull request [#633](https://github-redirect.dependabot.com/ffi/ffi/issues/633) from graywolf/add_win_error
- [`fa65b25`](https://github.com/ffi/ffi/commit/fa65b25b1d9f800c96586ecad995d8644492a615) Merge pull request [#637](https://github-redirect.dependabot.com/ffi/ffi/issues/637) from ytaka/ytaka
- [`09ddbbd`](https://github.com/ffi/ffi/commit/09ddbbde4f6b70b8521e7347aa3ab7766907593f) Merge pull request [#655](https://github-redirect.dependabot.com/ffi/ffi/issues/655) from 4ndv/master
- [`94a80cf`](https://github.com/ffi/ffi/commit/94a80cf83e3495697329f25635e01682aa617e5c) Merge branch 'master' of https://github.com/meanphil/ffi into meanphil-master
- [`7979e1a`](https://github.com/ffi/ffi/commit/7979e1aee73ca03e06c097eca1fb500fcc65871d) Use local variable instead of constant
- [`1eb199a`](https://github.com/ffi/ffi/commit/1eb199a50925d52f6b70db13b1e75f7e6fde77bc) Merge branch 'master' of https://github.com/myfreeweb/ffi into myfreeweb-master
- [`a9439f2`](https://github.com/ffi/ffi/commit/a9439f2e9331d3d1c883d53c0a9b8ac4dac8a33f) Remove rubinius, since it seems to be no longer available on Travis-CI
- [`a8f7f36`](https://github.com/ffi/ffi/commit/a8f7f3687be01f9f80556bbb4776cc5e134534f9) Travis-CI: Remove old rubies and update the rest
- Additional commits viewable in [compare view](https://github.com/ffi/ffi/compare/1.9.23...1.10.0)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
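As an added example (not part of the Dependabot PR or of the tapp-cp project), here is a small Ruby check that reads a `Gemfile.lock` and reports any `ffi` pin still below the patched range the advisory gives (`>= 1.9.24`), which is the kind of gate a reviewer can run before merging a bump like this one. The lockfile content is constructed for the example; `lockfile_pins` and `vulnerable_ffi_pins` are names chosen here.

```ruby
# Added example: flag Gemfile.lock pins of ffi affected by CVE-2018-1000201.
# Patched versions per the advisory quoted in this PR: >= 1.9.24 (no unaffected versions).
require "rubygems"

FFI_PATCHED = Gem::Requirement.new(">= 1.9.24")

# Parse the "specs:" block of a Gemfile.lock into { gem_name => [pinned versions] }.
# Only lines indented exactly four spaces are pins ("    name (version)");
# six-space lines are dependency constraints of the gem above and are skipped.
def lockfile_pins(lock_text)
  pins = Hash.new { |h, k| h[k] = [] }
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /^\s+specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if line =~ /^\S/ # a new top-level section (PLATFORMS, DEPENDENCIES, ...)
    next unless in_specs
    # platform-specific pins look like "ffi (1.9.23-x64-mingw32)"; keep only the version part
    pins[$1] << $2 if line =~ /^ {4}(\S+) \((\S+?)(?:-[^\s)]+)?\)\s*$/
  end
  pins
end

# Versions of ffi pinned in the lockfile that do not satisfy the patched range.
def vulnerable_ffi_pins(lock_text)
  lockfile_pins(lock_text).fetch("ffi", []).reject do |v|
    FFI_PATCHED.satisfied_by?(Gem::Version.new(v))
  end
end

# Constructed sample lockfile (not the repository's real Gemfile.lock).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ffi (1.9.23)
      ffi (1.9.23-x64-mingw32)
      rb-inotify (0.9.10)
        ffi (>= 0.5.0, < 2)

  PLATFORMS
    ruby
    x64-mingw32

  DEPENDENCIES
    rb-inotify
LOCK

if __FILE__ == $0
  bad = vulnerable_ffi_pins(SAMPLE_LOCK)
  puts bad.empty? ? "ffi is at a patched version" : "ffi #{bad.uniq.join(', ')} is below 1.9.24 (CVE-2018-1000201)"
end
```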