search

yegor256 / 0rsk

Online Risk Manager
https://www.0rsk.com
MIT License
20 stars 2 forks source link

Bump rack from 2.2.4 to 2.2.6.4 #81

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 1 year ago

Bumps rack from 2.2.4 to 2.2.6.4.

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

Changed

  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
  • Add .mjs MIME type (#2057, [@​axilleas])
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])

[3.0.8] - 2023-06-14

[3.0.7] - 2023-03-16

[3.0.6.1] - 2023-03-13

  • [CVE-2023-27539] Avoid ReDoS in header parsing

[3.0.6] - 2023-03-13

  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

[3.0.4.2] - 2023-03-02

  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

[3.0.4.1] - 2023-01-17

  • [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
  • [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
  • [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)

[3.0.4] - 2023-01-17

... (truncated)

Commits


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yegor256/0rsk/network/alerts).

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

yegor256 commented 1 year ago

@rultor please, try to merge

rultor commented 1 year ago

@rultor please, try to merge

@yegor256 OK, I'll try to merge now. You can check the progress of the merge here

rultor commented 1 year ago

@rultor please, try to merge

@dependabot[bot] @yegor256 Oops, I failed. You can see the full log here (spent 5min)

be found here:

/usr/local/rvm/gems/ruby-3.0.1/extensions/x86_64-linux/3.0.0/openssl-3.1.0/mkmf.log

extconf failed, exit code 1

Gem files will remain installed in
/usr/local/rvm/gems/ruby-3.0.1/gems/openssl-3.1.0 for inspection.
Results logged to
/usr/local/rvm/gems/ruby-3.0.1/extensions/x86_64-linux/3.0.0/openssl-3.1.0/gem_make.out

/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/ext/builder.rb:91:in
`run'
/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/ext/ext_conf_builder.rb:48:in
`block in build'
  /usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/tempfile.rb:317:in `open'
/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/ext/ext_conf_builder.rb:28:in
`build'
/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/ext/builder.rb:157:in
`build_extension'
/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/ext/builder.rb:191:in
`block in build_extensions'
/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/ext/builder.rb:188:in
`each'
/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/ext/builder.rb:188:in
`build_extensions'
/usr/local/rvm/rubies/ruby-3.0.1/lib/ruby/3.0.0/rubygems/installer.rb:821:in
`build_extensions'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/rubygems_gem_installer.rb:72:in
`build_extensions'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/rubygems_gem_installer.rb:28:in
`install'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/source/rubygems.rb:207:in
`install'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/installer/gem_installer.rb:54:in
`install'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/installer/gem_installer.rb:16:in
`install_from_spec'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/installer/parallel_installer.rb:186:in
`do_install'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/installer/parallel_installer.rb:177:in
`block in worker_pool'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/worker.rb:62:in
`apply_func'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/worker.rb:57:in
`block in process_queue'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/worker.rb:54:in
`loop'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/worker.rb:54:in
`process_queue'
/usr/local/rvm/gems/ruby-3.0.1/gems/bundler-2.3.26/lib/bundler/worker.rb:91:in
`block (2 levels) in create_threads'

An error occurred while installing openssl (3.1.0), and Bundler cannot continue.

In Gemfile:
  glogin was resolved to 0.11.0, which depends on
    openssl
container ed0f7359af7053348c1db2e7e2939923dffb55f4f82f1574e0ea0c0ecaed0684 is dead
Tue 04 Jul 2023 09:33:10 PM CEST
dependabot[bot] commented 6 months ago

Superseded by #104.