zooniverse / scribeAPI

scribe API
MIT License

[Security] Bump i18n from 0.7.0 to 0.9.5 #604

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps i18n from 0.7.0 to 0.9.5. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2014-10077.yml).*

> **i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS**
> i18n Gem for Ruby contains a flaw in the Hash#slice() function in lib/i18n/core_ext/hash.rb that is triggered when calling a hash when :some_key is in keep_keys but not in the hash. This may allow an attacker to cause the program to crash.
>
> Patched versions: >= 0.8.0
> Unaffected versions: none

Release notes

*Sourced from [i18n's releases](https://github.com/svenfuchs/i18n/releases).*

> ## v0.9.5
> * [#404](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/404) reported a regression in 0.9.3, which wasn't fixed by 0.9.4. [#408](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/408) fixes this issue.
>
> Thanks [**wjordan**](https://github.com/wjordan)!
>
> ## v0.9.4
> * Fixed a regression with chained backends introduced in v0.9.3 ([#402](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/402)) - [#405](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/405) - bug report / [#407](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/407) - PR to fix
> * Optimize Backend::Simple#available_locales - reports are that this is now 4x faster than previously - [#406](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/406)
>
> ## v0.9.3
> (For those wondering where v0.9.2 went: I got busy after I pushed the commit for the release, so there was no gem release that day. I am not busy today, so here is v0.9.3 in its stead. This changelog contains changes from v0.9.1 -> v0.9.3)
>
> * I18n no longer stores translations for unavailable locales. [#391](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/391).
> * Added the ability to interpolate with arrays [#395](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/395).
> * Documentation for lambda has been corrected. [#396](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/396)
> * I18n will use [oj](https://rubygems.org/gems/oj) -- a faster JSON library -- but only if it is available. [#398](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/398)
> * Fixed an issue with `translate` and `default: [false]` as an option. [#399](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/399)
> * Fixed an issue with `translate` with `nil` and empty keys. [#400](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/400)
> * Fix issue with disabled subtrees and pluralization for KeyValue backend [#402](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/402)
>
> Thank you to [**stereobooster**](https://github.com/stereobooster), [**fatkodima**](https://github.com/fatkodima) and [**lulalala**](https://github.com/lulalala) for the patches that went towards this release. We appreciate your efforts!
>
> ## v0.9.1
> * Reverted Hash#slice behaviour introduced with [#250](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/250) - See [#390](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/390).
> * Fixed a regression caused by [#387](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/387), where translations may have returned a not-helpful error message - See [#389](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/389)
>
> ## v0.9.0
> * Made `Backend::Memoize` threadsafe. See [#51](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/51) and [#352](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/352).
> * Added a middleware `I18n::Middleware` that should be used to ensure that i18n config is reset correctly between requests. See [#381](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/381) and [#382](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/382).
>
> ## v0.8.6
> Fixed a small regression introduced in v0.8.5 when using fallbacks - See [#378](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/378)
>
> ## v0.8.5
> - Improved error message for MissingPluralizationKey error - See [#371](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/371)
> - Fixed a thread issue when calling translate when fallbacks were enabled - See [#369](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/369)
>
> ## v0.8.4
> Reverted [#236](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/236) - "Don't allow nil to be submitted as a key to I18n.translate" - See [#370](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/370)
>
> ## v0.8.3
> `I18n::Gettext#plural_keys` will now return a hash from Gettext if no arguments are provided - https://github-redirect.dependabot.com/svenfuchs/i18n/pull/122
> Fixed a bug where passing `false` to `translate` would not translate that value - https://github-redirect.dependabot.com/svenfuchs/i18n/pull/367
>
> ## v0.8.2
> Do not allow `nil` to be passed to `translate` - https://github-redirect.dependabot.com/svenfuchs/i18n/pull/236
> ... (truncated)

Commits

- [`416859a`](https://github.com/ruby-i18n/i18n/commit/416859a1d137a9d9c2a005ba256bf3c3b393ab5b) Bump to 0.9.5
- [`5c28de8`](https://github.com/ruby-i18n/i18n/commit/5c28de88e3d1087d67806bfd2701835f6d355386) Lock Rake to 12.2.x versions
- [`29fe565`](https://github.com/ruby-i18n/i18n/commit/29fe565bf23818a38d02d3c93e450111bce3d87d) Merge pull request [#408](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/408) from wjordan/enforce_available_locales_false_fix
- [`596a71d`](https://github.com/ruby-i18n/i18n/commit/596a71d6bb536ea0b1e8087ad9d40d18eb8d375e) store translations for unavailable locales if enforce_available_locales is false
- [`888abcb`](https://github.com/ruby-i18n/i18n/commit/888abcbd0b06db8e73f1bf3cac01456caee7dcf4) Bump to 0.9.4
- [`ba8b206`](https://github.com/ruby-i18n/i18n/commit/ba8b206e5dbfced0a200fc90e9d4385c4fd3d9c5) Merge pull request [#407](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/407) from fatkodima/fix-key-value-subtrees
- [`9ddc9f5`](https://github.com/ruby-i18n/i18n/commit/9ddc9f5bcb4152e759cc89c9f65221c783bd6bed) Merge pull request [#406](https://github-redirect.dependabot.com/svenfuchs/i18n/issues/406) from jhawthorn/optimize_available_locales
- [`77c26aa`](https://github.com/ruby-i18n/i18n/commit/77c26aaedee5ad26fba6d69b0f72aa3d69c244c7) Fix Chained backend with KeyValue
- [`7eb3576`](https://github.com/ruby-i18n/i18n/commit/7eb3576901317097398ef2e4ccb84238559217b3) Optimize Backend::Simple#available_locales
- [`7c6ccf4`](https://github.com/ruby-i18n/i18n/commit/7c6ccf471ecf2c0a406d3a5317375f28d2da3613) Bump to 0.9.3
- Additional commits viewable in [compare view](https://github.com/svenfuchs/i18n/compare/v0.7.0...v0.9.5)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
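The advisory quoted in the PR body describes a crash in a `Hash#slice` that fetches a requested key that is not present in the hash. The Ruby below is an added illustration and is not the i18n gem's code nor scribeAPI's: `VulnerableSlice` and `SafeSlice` are a hypothetical reconstruction of that failure pattern (a strict `fetch` that raises `KeyError` beside a `key?`-guarded copy), and `i18n_lock_status` is a hypothetical helper that reads the locked `i18n` version out of a Gemfile.lock and compares it against the advisory's stated patched range (`>= 0.8.0`). The two lockfile snippets are constructed sample input pinned to the versions this PR bumps from and to.

```ruby
# frozen_string_literal: true
# Added illustration for the CVE-2014-10077 advisory quoted in this PR.
# Not i18n's own code: the two slice variants reconstruct the pattern the
# advisory describes (a fetch that raises when a key in keep_keys is absent)
# so the failure and the fix can be run side by side. The Gemfile.lock text
# is constructed sample input; i18n_lock_status is a hypothetical helper.

require "rubygems"

module VulnerableSlice
  # Raises KeyError as soon as a requested key is missing from the hash, so a
  # caller that passes an unchecked key takes the whole request down with it.
  def self.slice(hash, *keep_keys)
    keep_keys.each_with_object({}) { |key, out| out[key] = hash.fetch(key) }
  end
end

module SafeSlice
  # Copies only keys that exist; a missing key yields a smaller hash, not an
  # exception.
  def self.slice(hash, *keep_keys)
    keep_keys.each_with_object({}) do |key, out|
      out[key] = hash[key] if hash.key?(key)
    end
  end
end

# Patched versions per the advisory quoted in this PR: >= 0.8.0.
PATCHED_I18N = Gem::Requirement.new(">= 0.8.0")

# Find the top-level "    i18n (x.y.z)" entry in a Gemfile.lock specs section
# (four-space indent; six-space lines are dependency constraints, not the
# locked version) and report whether the locked version is still affected.
def i18n_lock_status(lockfile_text)
  m = lockfile_text.match(/^ {4}i18n \(([^)]+)\)/)
  return { locked: nil, vulnerable: nil } unless m

  version = Gem::Version.new(m[1])
  { locked: version.to_s, vulnerable: !PATCHED_I18N.satisfied_by?(version) }
end

# Constructed lockfiles: the version this PR bumps from, and the one it bumps to.
LOCK_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      i18n (0.7.0)
      rake (10.4.2)
LOCK

LOCK_AFTER = LOCK_BEFORE.sub("i18n (0.7.0)", "i18n (0.9.5)")

# Run both slice variants against a key that is not in the hash, then grade
# both lockfiles against the advisory's patched range.
def demo
  translations = { en: "Hello", de: "Hallo" }
  safe = SafeSlice.slice(translations, :en, :fr)
  crashed = begin
    VulnerableSlice.slice(translations, :en, :fr)
    false
  rescue KeyError
    true
  end
  {
    safe: safe,
    vulnerable_raised: crashed,
    before: i18n_lock_status(LOCK_BEFORE),
    after: i18n_lock_status(LOCK_AFTER)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the guarded result (`{:en=>"Hello"}`), confirms that the strict variant raises on the same input, and flags the 0.7.0 lock as vulnerable while the 0.9.5 lock passes. The lockfile check is the part worth keeping around: it is the same version comparison Dependabot performs, and it can run in CI against the repository's own Gemfile.lock once the PR is merged.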
dependabot-preview[bot] commented 5 years ago

Looks like i18n is no longer updatable, so this is no longer needed.