zooniverse / talk-api

Apache License 2.0

Bump sinatra, rack-cors, sidekiq, rails, logstasher, json-schema_builder, pundit, rspec-rails, redis, factory_girl_rails, schema_plus_pg_indexes and zooniverse_social #298

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps sinatra, rack-cors, sidekiq, rails, logstasher, json-schema_builder, pundit, rspec-rails, redis, factory_girl_rails, schema_plus_pg_indexes and zooniverse_social. These dependencies needed to be updated together.

Updates sinatra from 1.4.8 to 3.0.4

Changelog

Sourced from sinatra's changelog.

3.0.4 / 2022-11-25

  • Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai

3.0.3 / 2022-11-11

3.0.2 / 2022-10-01

  • New: Add Haml 6 support. #1820 by Jordan Owens

3.0.1 / 2022-09-26

  • Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson

  • Fix: Revert change to server start and stop messaging by using Kernel#warn. Renamed internal warn method warn_for_deprecation. #1818 by Jordan Owens

3.0.0 / 2022-09-26

  • New: Add Falcon support. #1794 by Samuel Williams and @​horaciob

  • New: Add AES GCM encryption support for session cookies. #1324 (sinatra/sinatra#1324) by Michael Coyne

  • Deprecated: Sinatra Reloader will be removed in the next major release.

  • Fix: Internal Sinatra errors now extend Sinatra::Error. This fixes #1204 and #1518. bda8c29d by Jordan Owens

  • Fix: Preserve query param value if named route param nil. #1676 by Jordan Owens

  • Require Ruby 2.6 as minimum Ruby version. #1699 by Eloy Pérez

  • Breaking change: Remove support for the Stylus template engine. #1697 by Eloy Pérez

  • Breaking change: Remove support for the erubis template engine. #1761 by Eloy Pérez

  • Breaking change: Remove support for the textile template engine. #1766 by Eloy Pérez

  • Breaking change: Remove support for SASS as a template engine. #1768 by Eloy Pérez

  • Breaking change: Remove support for Wlang as a template engine. #1780 by Eloy Pérez

  • Breaking change: Remove support for CoffeeScript as a template engine. #1790 by Eloy Pérez

  • Breaking change: Remove support for Mediawiki as a template engine. #1791 by Eloy Pérez

  • Breaking change: Remove support for Creole as a template engine. #1792 by Eloy Pérez

  • Breaking change: Remove support for Radius as a template engine. #1793 by Eloy Pérez

... (truncated)

Commits
  • eca7b54 3.0.4 release
  • bbc1d47 Merge pull request #1841 from sinatra/filename-escaping
  • ea8fc94 escape filename in the Content-Disposition header
  • c90f203 Merge pull request #1839 from andrykonchin/ak/skip-falcon-in-specs
  • 42e3eed Don't run integration specs on falcon against TruffleRuby
  • cafaab9 3.0.3 release
  • 44ff149 Merge pull request #1835 from dentarg/puma-edge-job
  • e328d08 CI: fix typo in job name variable
  • 88844e4 CI: shorter job name
  • 9b5fcd0 CI: include Puma in job name
  • Additional commits viewable in compare view


Updates rack-cors from 1.0.6 to 1.1.1

Changelog

Sourced from rack-cors's changelog.

1.1.1 - 2019-12-29

Changed

  • Allow //* to match // and / paths

1.1.0 - 2019-11-19

Changed

  • Use Rack::Utils.escape_path instead of Rack::Utils.escape
  • Require Rack 2.0 for escape_path method
  • Don't try to clean path if invalid.
  • Return 400 (Bad Request) on preflights with invalid path

Commits
  • 6fbc109 Up gem version
  • 8572837 Allow more flexible <resource>/* matching
  • a5b2d5a Bump puma from 3.12.1 to 3.12.2 in /examples/rails5
  • f962395 Bump rack from 2.0.6 to 2.0.8 in /examples/rack
  • 14b6bed Bump rack from 2.0.7 to 2.0.8 in /examples/rails5
  • dc58f04 Remove Rails 4 example
  • f42315e Update Rails/Rack examples
  • c8f9a61 Return 400 on preflight for invalid requests
  • ed91aef Don’t attempt to clean path if it is invalid
  • f971f24 Check to see if path is valid before cleaning
  • See full diff in compare view


Updates sidekiq from 5.2.8 to 7.0.2

Changelog

Sourced from sidekiq's changelog.

7.0.2

  • Improve compatibility with custom loggers #5673
  • Add queue weights on Busy page #5640
  • Add BID link on job_info page if job is part of a Batch #5623
  • Allow custom extensions to add rows/links within Job detail pages #5624

    Sidekiq::Web.custom_job_info_rows << AddAccountLink.new

    class AddAccountLink
      include CGI::Util
      def add_pair(job)
        # yield a (name, value) pair
        # You can include HTML tags and CSS, Sidekiq does not do any
        # escaping so beware user data injection! Note how we use CGI's
        # h escape helper.
        aid = job["account_id"]
        yield "Account", "<a href='/accounts/#{h aid}'>#{h aid}</a>" if aid
      end
    end

7.0.1

  • Allow an embedding process to reuse its own heartbeat thread
  • Update zh-cn localization

7.0.0

  • Embedded mode!
  • Capsules!!
  • Job Execution metrics!!!
  • See docs/7.0-Upgrade.md for release notes

6.5.8

  • Fail if using a bad version of scout_apm #5616
  • Add pagination to Busy page #5556
  • Speed up WorkSet#each #5559
  • Adjust CurrentAttributes to work with the String class name so we aren't referencing the Class within a Rails initializer #5536

6.5.7

  • Updates for JA and ZH locales
  • Further optimizations for scheduled polling #5513

... (truncated)

Commits
  • 93f8ede latest changes
  • 621cab6 changes
  • 0bf4a43 Require latest redis-client version for #67
  • b8fa4d1 Update standardrb gem, formatting update
  • aac4237 Adjust deploy API so you can easily pass in custom pool, #5647
  • 78deaa5 Revert "Use configured Redis pool in Sidekiq::Deploy (#5647)"
  • 8e3f8f5 Make ::Logger patching optional, fixes #5673
  • c4dbc92 Further reduce Sidekiq-specific shim so Sidekiq will work with plain old redi...
  • 96552f6 bump
  • 1db35cc update doc with correct method name for retrieving global config (#5648)
  • Additional commits viewable in compare view


Updates rails from 4.2.11.3 to 5.2.8.1

Release notes

Sourced from rails's releases.

5.2.8.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Change ActiveRecord::Coders::YAMLColumn default to safe_load

    This adds two new configuration options. The configuration options are as follows:

    • config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is not recommended, but can aid in upgrading.

    • config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
    

    [CVE-2022-32224]

Action View

  • No changes.

Action Pack

... (truncated)

Commits
  • 8030cff Preparing for 5.2.8.1 release
  • 85b72c3 Ruby 3.1 compatibility
  • ec10235 updating version and changelog
  • 6576aa7 Change ActiveRecord::Coders::YAMLColumn default to safe_load
  • 2652133 Preparing for 5.2.8 release
  • a1b8a9b Merge pull request #45027 from rails/fix-tag-helper-regression
  • cfef5e9 Merge pull request #44966 from fallwith/patch-1
  • cd9d9f0 retain Ruby 2.2 compatibility for Rails 5.2
  • 9f3761a Merge branch '5-2-sec' into 5-2-stable
  • b290430 Preparing for 5.2.7.1 release
  • Additional commits viewable in compare view


Updates logstasher from 0.9.0 to 2.1.5

Release notes

Sourced from logstasher's releases.

Latest release

This is for enabling auto release in github actions

Changelog

Sourced from logstasher's changelog.

2.1.5

  • Ruby 3.0 and Rails 6 support

1.2.2

  • Merge from #142 - Fix bug in detection of ActiveJob

1.2.1

  • Merge from #131 - Fix gem initialization on MacOS Sierra

1.2.0

  • Merge from #130 - Allow non-rails project to use this gem
  • Merge from #125 - Updated yaml config

1.1.1

  • Typo fixes. Merge from #127

1.1.0

  • Added 'field_renaming' configuration option

1.0.0

  • Drops support for ruby < 2 and Rails < 4

Commits


Updates json-schema_builder from 0.0.8 to 0.8.2

Commits
  • 0adaef5 Bugfix Entity#required= with non-true values
  • 44dc6a4 Allow required property errors to be customized more easily
  • 3b6e870 Bump version
  • 90e16e4 Allow entity definitions to reopened and extended
  • a1931ce Allow schemas to be built iteratively
  • a0ec3a9 Bump version
  • f5ee96d Prevent array items from attempting to merge anyOf children. Fixes #6
  • 7b5c302 Merge pull request #3 from jirutka/pattern_properties
  • 372d069 Fix pattern_properties to be actually usable
  • cc16075 Bump version
  • Additional commits viewable in compare view


Updates pundit from 1.1.0 to 2.2.0

Changelog

Sourced from pundit's changelog.

2.2.0 (2022-02-11)

Fixed

  • Using policy_class and a namespaced record now passes only the record when instantiating the policy. (#697, #689, #694, #666)

Changed

  • Require users to explicitly define Scope#resolve in generated policies (#711, #722)

Deprecated

  • Deprecate include Pundit in favor of include Pundit::Authorization (#621)

2.1.1 (2021-08-13)

Friday 13th-release!

Careful! The bugfix below (#626) could break existing code. If you rely on the return value for authorize and namespaced policies you might need to do some changes.

Fixed

  • .authorize and #authorize return the instance, even for namespaced policies (#626)

Changed

  • Generate application scope with protected attr_readers. (#616)

Removed

  • Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)
  • Dropped support for Ruby end-of-life versions: 2.3 (#633)
  • Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 (#676)
  • Dropped support for RSpec 2 (#615)

2.1.0 (2019-08-14)

Fixed

  • Avoid name clashes with the Error class. (#590)

Changed

  • Return a safer default NotAuthorizedError message. (#583)

2.0.1 (2019-01-18)

... (truncated)

Commits
  • d569083 Release v2.2.0
  • a636019 Merge pull request #722 from varvet/kbs+dgms/test-generators
  • 5acf84c Merge pull request #710 from petergoldstein/feature/add_ruby_3_1_to_travis
  • 44cfa73 Require users to explicitly define Scope#resolve
  • 54675c6 Merge pull request #717 from drewmoore/update-documentation-for-headless-poli...
  • 856d74d Merge pull request #719 from varvet/kbs/add-documentation-note-to-README
  • 3aefb95 Add another note about API documentation
  • 67e0dd3 Remove Struct inheritance from headless policy example
  • 3c725c7 Merge pull request #708 from MarceloAGuimaraes/update-rubocop
  • 4bb0c7d Removing ruby 2.6 as required version because JRuby jruby-9.2 considers itsel...
  • Additional commits viewable in compare view


Updates rspec-rails from 3.4.2 to 5.1.2

Release notes

Sourced from rspec-rails's releases.

4.0.2 / 2020-12-26

Full Changelog

Bug Fixes:

  • Indent all extra failure lines output from system specs. (Alex Robbin, #2321)
  • Generated request spec for update now uses the correct let. (Paul Hanyzewski, #2344)
  • Return true/false from predicate methods in config rather than raw values. (Phil Pirozhkov, Jon Rowe, #2353, #2354)
  • Remove old #fixture_path feature detection code which broke under newer Rails. (Koen Punt, Jon Rowe, #2370)

Changelog

Sourced from rspec-rails's changelog.

5.1.2 / 2022-04-24

Full Changelog

Bug Fixes:

  • Fix controller scaffold templates parameter name. (Taketo Takashima, #2591)
  • Include generator specs in the inferred list of specs. (Jason Karns, #2597)

5.1.1 / 2022-03-07

Full Changelog

Bug Fixes:

  • Properly handle global id serialised arguments in have_enqueued_mail. (Jon Rowe, #2578)

5.1.0 / 2022-01-26

Full Changelog

Enhancements:

  • Make the API request scaffold template more consistent and compatible with Rails 6.1. (Naoto Hamada, #2484)
  • Change the scaffold rails_helper.rb template to use require_relative. (Jon Dufresne, #2528)

5.0.3 / 2022-01-26

Full Changelog

Bug Fixes:

  • Properly name params in controller and request spec templates when using the --model-name parameter. (@​kenzo-tanaka, #2534)
  • Fix parameter matching with mail delivery job and ActionMailer::MailDeliveryJob. (Fabio Napoleoni, #2516, #2546)
  • Fix Rails 7 have_enqueued_mail compatibility (Mikael Henriksson, #2537, #2546)

5.0.2 / 2021-08-14

Full Changelog

Bug Fixes:

  • Prevent generated job specs from duplicating _job in filenames. (Nick Flückiger, #2496)
  • Fix ActiveRecord::TestFixture#uses_transaction by using example description to replace example name rather than example in our monkey patched run_in_transaction? method. (Stan Lo, #2495)
  • Prevent keyword arguments being lost when methods are invoked dynamically in controller specs. (Josh Cheek, #2509, #2514)

... (truncated)

Commits


Updates redis from 3.3.5 to 5.0.5

Changelog

Sourced from redis's changelog.

5.0.5

  • Fix automatic disconnection when the process was forked. See #1157.

5.0.4

  • Cast ttl argument to integer in expire, setex and a few others.

5.0.3

  • Add OutOfMemoryError as a subclass of CommandError

5.0.2

  • Fix Redis#close to properly reset the fork protection check.

5.0.1

  • Added a fake Redis::Connections.drivers method to be compatible with older sidekiq versions.

5.0.0

  • Eagerly and strictly cast Integer and Float parameters.
  • Allow to call subscribe, unsubscribe, psubscribe and punsubscribe from a subscribed client. See #1131.
  • Use MD5 for hashing server nodes in Redis::Distributed. This should improve keys distribution among servers. See #1089.
  • Changed sadd and srem to now always return an Integer.
  • Added sadd? and srem? which always return a Boolean.
  • Added support for IDLE parameter in xpending.
  • Cluster support has been moved to a redis-clustering companion gem.
  • select no longer record the current database. If the client has to reconnect after select was used, it will reconnect to the original database.
  • Better support Float timeout in blocking commands. See #977.
  • Redis.new will now raise an error if provided unknown options.
  • Removed positional timeout in blocking commands (BLPOP, etc). Timeout now must be passed as an option: r.blpop("key", timeout: 2.5)
  • Removed logger option.
  • Removed reconnect_delay_max and reconnect_delay, you can pass precise sleep durations to reconnect_attempts instead.
  • Require Ruby 2.5+.
  • Removed the deprecated queue and commit methods. Use pipelined instead.
  • Removed the deprecated Redis::Future#==.
  • Removed the deprecated pipelined and multi signature. Commands now MUST be called on the block argument, not the original redis instance.
  • Removed Redis.current. You shouldn't assume there is a single global Redis connection, use a connection pool instead, and libraries using Redis should accept a Redis instance (or connection pool) as a config. E.g. MyLibrary.redis = Redis.new(...).
  • Removed the synchrony driver.
  • Removed Redis.exists_returns_integer, it's now always enabled.

4.8.0

  • Introduce sadd? and srem? as boolean returning versions of sadd and srem.
  • Deprecate sadd and srem returning a boolean when called with a single argument. To enable the redis 5.0 behavior you can set Redis.sadd_returns_boolean = false.
  • Deprecate passing timeout as a positional argument in blocking commands (brpop, blop, etc).

... (truncated)

Commits
  • f3d886f Release 5.0.5
  • bdd51c9 Bump redis-cluster-client
  • 9429205 Merge pull request #1158 from casperisfine/fork-handling
  • 389d8b6 Fix automatic disconnection when the process was forked
  • fdf61e5 Merge pull request #1156 from roharon/hash_flatten_performance
  • 525e5c4 Modify: improve performance of hash flatten without to_a method
  • 912c008 Merge pull request #1155 from dentarg/patch-1
  • 371d8c1 Fix Ruby syntax in example in README
  • 07cccee Merge pull request #1153 from supercaracal/fix-cluster-test
  • d6cf651 Shrink cluster test cases guaranteed by redis-cluster-client and focus on beh...
  • Additional commits viewable in compare view


Updates factory_girl_rails from 4.7.0 to 4.9.0

Release notes

Sourced from factory_girl_rails's releases.

Version 4.9.0

This is the final release of factory_girl_rails, which has been renamed to factory_bot_rails.

Learn more about the name change here: https://robots.thoughtbot.com/factory_bot

Version 4.8.2

This is the first release of factory_bot_rails, formerly known as factory_girl_rails.

Learn more about the name change here: https://robots.thoughtbot.com/factory_bot

Changelog

Sourced from factory_girl_rails's changelog.

factory_bot_rails versioning is synced with factory_bot releases. For this reason there might not be any notable changes in new versions of this project.

NEWS

6.2.0 (May 7, 2021)

  • Changed: factory_bot dependency to ~> 6.2.0

6.1.0 (July 8, 2020)

  • Changed: factory_bot dependency to ~> 6.1.0

6.0.0 (June 18, 2020)

  • Fixed: generate a plural factory name when the --force-plural flag is provided
  • Changed: factory_bot dependency to ~> 6.0.0
  • Removed: "factory_bot.register_reloader" initializer, now registering the reloader after application initialization
  • Removed: support for EOL versions of Ruby (2.3, 2.4) and Rails (4.2)

5.2.0 (April 26, 2020)

  • Changed: factory_bot dependency to ~> 5.2.0

5.1.1 (September 24, 2019)

  • Fixed: Ensure definitions do not load before I18n is initialized

5.1.0 (September 24, 2019)

  • Changed: factory_bot dependency to ~> 5.1.0

5.0.2 (April 14, 2019)

  • Bugfix: Reload factory_bot whenever the application changes to avoid holding onto stale object references
  • Bugfix: Avoid watching project root when no factory definitions exist

5.0.1 (February 9, 2019)

  • Bugfix: Avoid watching files and directories that don't exist (to avoid a file watching bug in Rails rails/rails#32700)

5.0.0 (February 1, 2019)

  • Added: calling reload! in the Rails console will reload any factory definition files that have changed
  • Added: support for custom generator templates
  • Added: definition_file_paths configuration option, making it easier to place factories in custom locations
  • Changed: namespaced models are now generated inside a directory matching the namespace

... (truncated)

Commits
  • 13ecff9 Bump version to 4.9.0
  • ebd3310 Update FactoryGirl requirement to 4.9.0
  • dca3731 Bump version to 4.8.0
  • 91dfdca Update Factory Girl requirement to 4.8.0
  • 4a7afc4 Updates ReadMe to recommend environments for gem
  • ec478f1 Appraise against Rails 5.0
  • 4044827 link to confguring the test suite
  • a44854d Update Gemspec file to not use git ls-files
  • 282b293 Add $ to command line instruction
  • 24f3624 update gemspec description
  • Additional commits viewable in compare view


Updates schema_plus_pg_indexes from 0.1.12 to 0.3.2

Commits
  • a7e2d23 version bump to 0.3.2
  • d1b39ec add rails 5.2 support
  • cba2661 relax rspec version constraint
  • 46db5ce version bump 0.3.1
  • c71d49f Merge pull request #19 from joxxoxo/fix-schema-dump-for-complex-order-clause
  • a741253 Fix schema dump for complex order clause
  • a583df3 version bump 0.3.0
  • ee595b0 change "History" => "Release Notes"
  • f8b4e2d Merge branch 'AR-5.1'
  • f3fbba6 adjust expectations to match AR 5.1 dump
  • Additional commits viewable in compare view


Updates zooniverse_social from 1.1.0 to 1.2.0

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


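The safe-load behaviour described in the Rails 5.2.8.1 notes above, as an added example that is not part of this PR or of Rails: it calls Ruby's `YAML.safe_load` directly on constructed column values to work out which permitted classes each payload needs before `yaml_column_permitted_classes` is set. `AuditEntry`, `blocked_class`, `audit_payload` and `audit_rows` are hypothetical names introduced for illustration.

```ruby
require "yaml"
require "date"

# Classes the release note's example permits; adjust per application.
PERMITTED = [Symbol, Date, Time].freeze

# Hypothetical application class, defined only so the constructed
# payload below names something that exists.
class AuditEntry
  attr_accessor :admin
end

# Constructed sample values of serialized YAML columns (not real data).
SAMPLE_ROWS = {
  "prefs" => "---\n:theme: dark\n:since: 2022-07-12\n",
  "plain" => "---\nname: talk\ncount: 3\n",
  "audit" => "--- !ruby/object:AuditEntry\nadmin: true\n"
}.freeze

# Returns the name of the first class safe_load refuses, or nil if the
# payload loads with the given permitted classes.
def blocked_class(yaml, permitted)
  YAML.safe_load(yaml, permitted_classes: permitted)
  nil
rescue Psych::DisallowedClass => e
  e.message[/unspecified class: (\S+)/, 1]
end

# Works out which of the candidate classes a payload actually needs, and
# reports the first class outside the candidates. Classes outside the
# candidate list are never permitted, so they are never instantiated.
def audit_payload(yaml, candidates = PERMITTED)
  allowed = []
  loop do
    name = blocked_class(yaml, allowed)
    return { needs: allowed.map(&:to_s), blocked: nil } if name.nil?

    klass = candidates.find { |c| c.to_s == name }
    return { needs: allowed.map(&:to_s), blocked: name } if klass.nil?

    allowed << klass
  end
end

# Audits every column value and returns a column => result hash.
def audit_rows(rows = SAMPLE_ROWS)
  rows.transform_values { |yaml| audit_payload(yaml) }
end

if __FILE__ == $PROGRAM_NAME
  audit_rows.each { |column, result| puts "#{column}: #{result}" }
end
```

A row reported with a non-nil `blocked` value holds a serialized object outside the permitted list and needs review before that class is added.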
dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.