zooniverse / talk-api

Apache License 2.0

Bump sidekiq, factory_girl_rails, json-schema_builder, logstasher, pundit, rack-cors, rails, restpack_serializer, rspec-rails and schema_plus_pg_indexes #307

Closed dependabot[bot] closed 11 months ago

dependabot[bot] commented 1 year ago

Bumps sidekiq, factory_girl_rails, json-schema_builder, logstasher, pundit, rack-cors, rails, restpack_serializer, rspec-rails and schema_plus_pg_indexes. These dependencies needed to be updated together.

Updates sidekiq from 5.2.8 to 7.1.4

Changelog

Sourced from sidekiq's changelog.

7.1.4

  • Fix empty retry_for logic #6035

7.1.3

  • Add sidekiq_options retry_for: 48.hours to allow time-based retry windows #6029
  • Support sidekiq_retry_in and sidekiq_retries_exhausted_block in ActiveJobs (#5994)
  • Lowercase all Rack headers for Rack 3.0 #5951
  • Validate Sidekiq::Web page refresh delay to avoid potential DoS, CVE-2023-26141, thanks for reporting Keegan!

7.1.2

  • Mark Web UI assets as private so CDNs won't cache them #5936
  • Fix stackoverflow when using Oj and the JSON log formatter #5920
  • Remove spurious enqueued_at from scheduled ActiveJobs #5937

7.1.1

  • Support multiple CurrentAttributes #5904
  • Speed up latency fetch with large queues on Redis <7 #5910
  • Allow a larger default client pool #5886
  • Ensure Sidekiq.options[:environment] == RAILS_ENV #5932

7.1.0

  • Improve display of ActiveJob arguments in Web UI [#5825, cover]
  • Update push_bulk to push batch_size jobs at a time and allow laziness [#5827, fatkodima] This allows Sidekiq::Client to push unlimited jobs as long as it has enough memory for the batch_size.
  • Update perform_bulk to use push_bulk internally.
  • Change return value of push_bulk to map 1-to-1 with arguments. If you call push_bulk(args: [[1], [2], [3]]), you will now always get an array of 3 values as the result: ["jid1", nil, "jid3"] where nil means that particular job did not push successfully (possibly due to middleware stopping it). Previously nil values were removed so it was impossible to tell which jobs pushed successfully and which did not.
  • Migrate away from all deprecated Redis commands #5788 Sidekiq will now print a warning if you use one of those deprecated commands.
  • Prefix all Sidekiq thread names #5872

7.0.9

  • Restore confirmation dialogs in Web UI [#5881, shevaun]

... (truncated)


Updates factory_girl_rails from 4.7.0 to 4.9.0

Release notes

Sourced from factory_girl_rails's releases.

Version 4.9.0

This is the final release of factory_girl_rails, which has been renamed to factory_bot_rails.

Learn more about the name change here: https://robots.thoughtbot.com/factory_bot

Version 4.8.2

This is the first release of factory_bot_rails, formerly known as factory_girl_rails.

Learn more about the name change here: https://robots.thoughtbot.com/factory_bot

Changelog

Sourced from factory_girl_rails's changelog.

factory_bot_rails versioning is synced with factory_bot releases. For this reason there might not be any notable changes in new versions of this project.

NEWS

6.2.0 (May 7, 2021)

  • Changed: factory_bot dependency to ~> 6.2.0

6.1.0 (July 8, 2020)

  • Changed: factory_bot dependency to ~> 6.1.0

6.0.0 (June 18, 2020)

  • Fixed: generate a plural factory name when the --force-plural flag is provided
  • Changed: factory_bot dependency to ~> 6.0.0
  • Removed: "factory_bot.register_reloader" initializer, now registering the reloader after application initialization
  • Removed: support for EOL versions of Ruby (2.3, 2.4) and Rails (4.2)

5.2.0 (April 26, 2020)

  • Changed: factory_bot dependency to ~> 5.2.0

5.1.1 (September 24, 2019)

  • Fixed: Ensure definitions do not load before I18n is initialized

5.1.0 (September 24, 2019)

  • Changed: factory_bot dependency to ~> 5.1.0

5.0.2 (April 14, 2019)

  • Bugfix: Reload factory_bot whenever the application changes to avoid holding onto stale object references
  • Bugfix: Avoid watching project root when no factory definitions exist

5.0.1 (February 9, 2019)

  • Bugfix: Avoid watching files and directories that don't exist (to avoid a file watching bug in Rails rails/rails#32700)

5.0.0 (February 1, 2019)

  • Added: calling reload! in the Rails console will reload any factory definition files that have changed
  • Added: support for custom generator templates
  • Added: definition_file_paths configuration option, making it easier to place factories in custom locations
  • Changed: namespaced models are now generated inside a directory matching the namespace

... (truncated)

Commits
  • 13ecff9 Bump version to 4.9.0
  • ebd3310 Update FactoryGirl requirement to 4.9.0
  • dca3731 Bump version to 4.8.0
  • 91dfdca Update Factory Girl requirement to 4.8.0
  • 4a7afc4 Updates ReadMe to recommend environments for gem
  • ec478f1 Appraise against Rails 5.0
  • 4044827 link to configuring the test suite
  • a44854d Update Gemspec file to not use git ls-files
  • 282b293 Add $ to command line instruction
  • 24f3624 update gemspec description
  • Additional commits viewable in compare view


Updates json-schema_builder from 0.0.8 to 0.8.2

Commits
  • 0adaef5 Bugfix Entity#required= with non-true values
  • 44dc6a4 Allow required property errors to be customized more easily
  • 3b6e870 Bump version
  • 90e16e4 Allow entity definitions to reopened and extended
  • a1931ce Allow schemas to be built iteratively
  • a0ec3a9 Bump version
  • f5ee96d Prevent array items from attempting to merge anyOf children. Fixes #6
  • 7b5c302 Merge pull request #3 from jirutka/pattern_properties
  • 372d069 Fix pattern_properties to be actually usable
  • cc16075 Bump version
  • Additional commits viewable in compare view


Updates logstasher from 0.9.0 to 2.1.5

Release notes

Sourced from logstasher's releases.

Latest release

This is for enabling auto release in github actions

Changelog

Sourced from logstasher's changelog.

2.1.5

  • Ruby 3.0 and Rails 6 support

1.2.2

  • Merge from #142 - Fix bug in detection of ActiveJob

1.2.1

  • Merge from #131 - Fix gem initialization on MacOS Sierra

1.2.0

  • Merge from #130 - Allow non-rails project to use this gem
  • Merge from #125 - Updated yaml config

1.1.1

  • Typo fixes. Merge from #127

1.1.0

  • Added 'field_renaming' configuration option

1.0.0

  • Drops support for ruby < 2 and Rails < 4


Updates pundit from 1.1.0 to 2.3.1

Changelog

Sourced from pundit's changelog.

2.3.1 (2023-07-17)

Fixed

  • Use Kernel.warn instead of ActiveSupport::Deprecation.warn for deprecations (#764)
  • Policy generator now works on Ruby 3.2 (#754)

2.3.0 (2022-12-19)

Added

  • add support for rubocop-rspec syntax extensions (#745)

2.2.0 (2022-02-11)

Fixed

  • Using policy_class and a namespaced record now passes only the record when instantiating the policy. (#697, #689, #694, #666)

Changed

  • Require users to explicitly define Scope#resolve in generated policies (#711, #722)

Deprecated

  • Deprecate include Pundit in favor of include Pundit::Authorization (#621)

2.1.1 (2021-08-13)

Friday 13th-release!

Careful! The bugfix below (#626) could break existing code. If you rely on the return value for authorize and namespaced policies you might need to do some changes.

Fixed

  • .authorize and #authorize return the instance, even for namespaced policies (#626)

Changed

  • Generate application scope with protected attr_readers. (#616)

Removed

  • Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)
  • Dropped support for Ruby end-of-life versions: 2.3 (#633)
  • Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 (#676)
  • Dropped support for RSpec 2 (#615)

... (truncated)

Commits
  • 4e75805 Release v2.3.1
  • 4594188 Fix e-mail address of Varvet AB author
  • a9e02df Merge pull request #769 from varvet/kbs/adjust-readme-wording
  • 1fae7fe Add backticks around codey-things
  • 5b22078 Merge pull request #771 from fdocr/patch-1
  • c0971c0 Update README.md
  • 64228ce Update README, because nothing is ever simple
  • 1f5f6be Merge pull request #764 from etiennebarrie/remove-deprecated-usage-of-actives...
  • 391bcb6 Merge pull request #767 from varvet/kbs/update-community-health-files
  • b86b5aa Add changelog
  • Additional commits viewable in compare view


Updates rack-cors from 1.0.6 to 2.0.1

Changelog

Sourced from rack-cors's changelog.

2.0.1 - 2023-02-17

Changed

  • Use Rack::Utils::HeaderHash when Rack 2.x is detected

2.0.0 - 2023-02-14

Changed

  • Refactored codebase
  • Support declaring custom protocols in origin
  • Lowercased header names as defined by Rack spec
  • Fix issue with duplicate headers because of header name case

1.1.1 - 2019-12-29

Changed

  • Allow //* to match // and / paths

1.1.0 - 2019-11-19

Changed

  • Use Rack::Utils.escape_path instead of Rack::Utils.escape
  • Require Rack 2.0 for escape_path method
  • Don't try to clean path if invalid.
  • Return 400 (Bad Request) on preflights with invalid path


Updates rails from 4.2.11.3 to 5.2.8.1

Release notes

Sourced from rails's releases.

5.2.8.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Change ActiveRecord::Coders::YAMLColumn default to safe_load

    This adds two new configuration options. The configuration options are as follows:

    • config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is not recommended, but can aid in upgrading.

    • config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
    

    [CVE-2022-32224]

Action View

  • No changes.

Action Pack

... (truncated)

Commits
  • 8030cff Preparing for 5.2.8.1 release
  • 85b72c3 Ruby 3.1 compatibility
  • ec10235 updating version and changelog
  • 6576aa7 Change ActiveRecord::Coders::YAMLColumn default to safe_load
  • 2652133 Preparing for 5.2.8 release
  • a1b8a9b Merge pull request #45027 from rails/fix-tag-helper-regression
  • cfef5e9 Merge pull request #44966 from fallwith/patch-1
  • cd9d9f0 retain Ruby 2.2 compatibility for Rails 5.2
  • 9f3761a Merge branch '5-2-sec' into 5-2-stable
  • b290430 Preparing for 5.2.7.1 release
  • Additional commits viewable in compare view


Updates restpack_serializer from 637aaaf to 0.5.9


Updates rspec-rails from 3.4.2 to 5.1.2

Release notes

Sourced from rspec-rails's releases.

4.0.2 / 2020-12-26

Full Changelog

Bug Fixes:

  • Indent all extra failure lines output from system specs. (Alex Robbin, #2321)
  • Generated request spec for update now uses the correct let. (Paul Hanyzewski, #2344)
  • Return true/false from predicate methods in config rather than raw values. (Phil Pirozhkov, Jon Rowe, #2353, #2354)
  • Remove old #fixture_path feature detection code which broke under newer Rails. (Koen Punt, Jon Rowe, #2370)

Changelog

Sourced from rspec-rails's changelog.

5.1.2 / 2022-04-24

Full Changelog

Bug Fixes:

  • Fix controller scaffold templates parameter name. (Taketo Takashima, #2591)
  • Include generator specs in the inferred list of specs. (Jason Karns, #2597)

5.1.1 / 2022-03-07

Full Changelog

Bug Fixes:

  • Properly handle global id serialised arguments in have_enqueued_mail. (Jon Rowe, #2578)

5.1.0 / 2022-01-26

Full Changelog

Enhancements:

  • Make the API request scaffold template more consistent and compatible with Rails 6.1. (Naoto Hamada, #2484)
  • Change the scaffold rails_helper.rb template to use require_relative. (Jon Dufresne, #2528)

5.0.3 / 2022-01-26

Full Changelog

Bug Fixes:

  • Properly name params in controller and request spec templates when using the --model-name parameter. (@kenzo-tanaka, #2534)
  • Fix parameter matching with mail delivery job and ActionMailer::MailDeliveryJob. (Fabio Napoleoni, #2516, #2546)
  • Fix Rails 7 have_enqueued_mail compatibility (Mikael Henriksson, #2537, #2546)

5.0.2 / 2021-08-14

Full Changelog

Bug Fixes:

  • Prevent generated job specs from duplicating _job in filenames. (Nick Flückiger, #2496)
  • Fix ActiveRecord::TestFixture#uses_transaction by using example description to replace example name rather than example in our monkey patched run_in_transaction? method. (Stan Lo, #2495)
  • Prevent keyword arguments being lost when methods are invoked dynamically in controller specs. (Josh Cheek, #2509, #2514)

... (truncated)


Updates schema_plus_pg_indexes from 0.1.12 to 0.3.2

Commits
  • a7e2d23 version bump to 0.3.2
  • d1b39ec add rails 5.2 support
  • cba2661 relax rspec version constraint
  • 46db5ce version bump 0.3.1
  • c71d49f Merge pull request #19 from joxxoxo/fix-schema-dump-for-complex-order-clause
  • a741253 Fix schema dump for complex order clause
  • a583df3 version bump 0.3.0
  • ee595b0 change "History" => "Release Notes"
  • f8b4e2d Merge branch 'AR-5.1'
  • f3fbba6 adjust expectations to match AR 5.1 dump
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/zooniverse/talk-api/network/alerts).

dependabot[bot] commented 11 months ago

Superseded by #310.
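
The Rails 5.2.8.1 release notes quoted in the pull request above switch serialized YAML columns to safe loading with an allow list of permitted classes. The following added example (not part of the pull request, Rails or talk-api) shows that behaviour using Ruby's standard `YAML.safe_load` directly rather than ActiveRecord; `AuditNote`, `load_column`, `audit_column` and both sample payloads are hypothetical and constructed for illustration.

```ruby
require 'yaml'
require 'date'

# Hypothetical application class, standing in for any class not on the allow list.
class AuditNote
  attr_accessor :text
end

# Same allow list as the example line in the release notes.
PERMITTED = [Symbol, Date, Time].freeze

# Constructed sample: a serialized column holding only allow-listed types.
SAMPLE_OK = <<~DOC
  ---
  :status: :open
  :opened_on: 2022-07-12
  :updated_at: 2022-07-12 10:00:00 Z
DOC

# Constructed sample: a column whose YAML tag asks for an application object.
SAMPLE_OBJECT = <<~DOC
  --- !ruby/object:AuditNote
  text: hello
DOC

# Load a column payload with safe loading; classes outside `permitted` raise.
def load_column(payload, permitted: PERMITTED)
  YAML.safe_load(payload, permitted_classes: permitted, aliases: false)
end

# Report :ok, or which class blocked the load, so stored rows can be checked
# before the safe default is switched on.
def audit_column(payload, permitted: PERMITTED)
  load_column(payload, permitted: permitted)
  :ok
rescue Psych::DisallowedClass => e
  [:rejected, e.message.split(': ').last]
end

if __FILE__ == $PROGRAM_NAME
  p load_column(SAMPLE_OK)
  p audit_column(SAMPLE_OK, permitted: [])
  p audit_column(SAMPLE_OBJECT)
end
```

Running `audit_column` over existing serialized rows before upgrading shows which classes would have to be added to the allow list, without falling back to unsafe loading.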