search

zooniverse / tove

Transcription Object Viewer/Editor: Backend API for ALICE Text Editor tool
https://alice.zooniverse.org/
2 stars 2 forks source link

Bump rails from 6.1.6 to 7.0.3.1 #338

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps rails from 6.1.6 to 7.0.3.1.

Release notes

Sourced from rails's releases.

7.0.3

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

    Xavier Noria

  • Fixed MariaDB default function support.

    Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

    kaspernj

  • Fix remove_foreign_key with :if_exists option when foreign key actually exists.

    fatkodima

  • Remove --no-comments flag in structure dumps for PostgreSQL

    This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

    ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

    Alex Ghiculescu

  • Use the model name as a prefix when filtering encrypted attributes from logs.

    For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Commits
  • 04972d9 Preparing for 7.0.3.1 release
  • 0c68c1f updating version and changelog
  • 9529dc8 Change ActiveRecord::Coders::YAMLColumn default to safe_load
  • 3872bc0 Preparing for 7.0.3 release
  • 74beedc Remove incorrect tests
  • 54bd582 Merge pull request #44947 from jasonkarns/patch-3
  • 082e929 Merge pull request #45027 from rails/fix-tag-helper-regression
  • cd7700b Merge pull request #45016 from adrianna-chang-shopify/ac-fix-strict-loading-p...
  • f99f422 Merge pull request #45018 from lucthev/lt/strict-false
  • fd7dc8f Merge pull request #45013 from JohnAnon9771/fix/doc-active-record-querying
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
guardrails[bot] commented 2 years ago

:warning: We detected 5 security issues in this pull request:

Vulnerable Libraries (5)
Severity | Details ----- | -------- Medium | [actionpack@7.0.3.1](https://github.com/zooniverse/tove/blob/7ceac57ff8a752d0f6a028d756bb9c7f6f8594d4/Gemfile.lock#L5) - **no patch available** Medium | [rack@2.2.4](https://github.com/zooniverse/tove/blob/7ceac57ff8a752d0f6a028d756bb9c7f6f8594d4/Gemfile.lock#L32) - **no patch available** Low | [actioncable@7.0.3.1](https://github.com/zooniverse/tove/blob/7ceac57ff8a752d0f6a028d756bb9c7f6f8594d4/Gemfile.lock#L4) - **no patch available** Medium | [actionview@7.0.3.1](https://github.com/zooniverse/tove/blob/7ceac57ff8a752d0f6a028d756bb9c7f6f8594d4/Gemfile.lock#L21) - **no patch available** High | [activerecord@7.0.3.1](https://github.com/zooniverse/tove/blob/7ceac57ff8a752d0f6a028d756bb9c7f6f8594d4/Gemfile.lock#L12) - **no patch available** More info on how to fix Vulnerable Libraries in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

dependabot[bot] commented 2 years ago

Superseded by #346.