🚨 [security] Update rails 7.0.5.1 → 7.0.7.2 (patch)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rails (7.0.5.1 → 7.0.7.2) · Repo

Release Notes

7.0.7.2

No changes between this and 7.0.7.2. This release was just to fix file permissions in the previous release.

7.0.7.1

Active Support

• Use a temporary file for storing unencrypted files while editing

  [CVE-2023-38037]

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

7.0.7

Active Support

• Fix Cache::NullStore with local caching for repeated reads.

  fatkodima

• Fix to_s with no arguments not respecting custom :default formats

  Hartley McGuire

• Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

  James Robinson

• Fix Enumerable#sum for Enumerator#lazy.

  fatkodima, Matthew Draper, Jonathan Hefner

• Improve error message when EventedFileUpdateChecker is used without a
  compatible version of the Listen gem

  Hartley McGuire

Active Model

• Error.full_message now strips ":base" from the message.

  zzak

• Add a load hook for ActiveModel::Model (named active_model) to match the load hook for
  ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

Active Record

• Restores functionality to the missing method when using enums and fixes.

  paulreece

• Fix StatementCache::Substitute with serialized type.

  ywenc

• Fix :db_runtime on notification payload when application have multiple databases.

  Eileen M. Uchitelle

• Correctly dump check constraints for MySQL 8.0.16+.

  Steve Hill

• Fix ActiveRecord::QueryMethods#in_order_of to include nils, to match the
  behavior of Enumerable#in_order_of.

  For example, Post.in_order_of(:title, [nil, "foo"]) will now include posts
  with nil titles, the same as Post.all.to_a.in_order_of(:title, [nil, "foo"]).

  fatkodima

• Revert "Fix autosave associations with validations added on :base of the associated objects."

  This change intended to remove the :base attribute from the message,
  but broke many assumptions which key these errors were stored.

  zzak

• Fix #previously_new_record? to return true for destroyed records.

  Before, if a record was created and then destroyed, #previously_new_record? would return true.
  Now, any UPDATE or DELETE to a record is considered a change, and will result in #previously_new_record?
  returning false.

  Adrianna Chang

• Revert breaking changes to has_one relationship deleting the old record before the new one is validated.

  zzak

• Fix support for Active Record instances being uses in queries.

  As of 7.0.5, query arguments were deep duped to avoid mutations impacting
  the query cache, but this had the adverse effect to clearing the primary key when
  the query argument contained an ActiveRecord::Base instance.

  This broke the noticed gem.

  Jean Boussier

Action View

• Fix render collection: @records, cache: true to cache fragments as bare strings

  Previously it would incorrectly cache them as Action View buffers.

  Jean Boussier

• Don't double-encode nested field_id and field_name index values

  Pass index: @options as a default keyword argument to field_id and
  field_name view helper methods.

  Sean Doyle

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• Update default scaffold templates to set 303 (See Other) as status code
  on redirect for the update action for XHR requests other than GET or POST
  to avoid issues (e.g browsers trying to follow the redirect using the
  original request method resulting in double PATCH/PUT)

  Guillermo Iguaran

7.0.6

Active Support

• Fix EncryptedConfiguration returning incorrect values for some Hash
  methods

  Hartley McGuire

• Fix arguments being destructed Enumerable#many? with block.

  Andrew Novoselac

• Fix humanize for strings ending with id.

  fatkodima

Active Model

• No changes.

Active Record

• Fix autosave associations with validations added on :base of the associated objects.

  fatkodima

• Fix result with anonymous PostgreSQL columns of different type from json.

  Oleksandr Avoiants

• Preserve timestamp when setting an ActiveSupport::TimeWithZone value to timestamptz attribute.

  fatkodima

• Fix where on association with has_one/has_many polymorphic relations.

  Before:

  Treasure.where(price_estimates: PriceEstimate.all)
  #=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates")

  Later:

  Treasure.where(price_estimates: PriceEstimate.all)
  #=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates" WHERE "price_estimates"."estimate_of_type" = 'Treasure')

  Lázaro Nixon

• Fix decrementing counter caches on optimistically locked record deletion

  fatkodima

• Ensure binary-destined values have binary encoding during type cast.

  Matthew Draper

• Preserve existing column default functions when altering table in SQLite.

  fatkodima

• Remove table alias added when using where.missing or where.associated.

  fatkodima

• Fix Enumerable#in_order_of to only flatten first level to preserve nesting.

  Miha Rekar

Action View

• No changes.

Action Pack

• No changes.

Active Job

• Fix error Active Job passed class with permitted?.

  Alex Baldwin

Action Mailer

• No changes.

Action Cable

• Fix Action Cable Redis configuration with sentinels.

  Dmitriy Ivliev

Active Storage

• Fix retrieving rotation value from FFmpeg on version 5.0+.

  In FFmpeg version 5.0+ the rotation value has been removed from tags.
  Instead the value can be found in side_data_list. Along with
  this update it's possible to have values of -90, -270 to denote the video
  has been rotated.

  Haroon Ahmed

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• Avoid escaping paths when editing credentials.

  Jonathan Hefner

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ net-imap (0.3.6 → 0.3.7) · Repo

Release Notes

0.3.7

What's Changed

• 🔒️ Backport: Fix for Digest MD5 bad challenges by @nobu in #160
  • PR for backport is #161

Full Changelog: v0.3.6...v0.3.7

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actioncable (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• No changes.

7.0.6 (from changelog)

• Fix Action Cable Redis configuration with sentinels.

  Dmitriy Ivliev

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionmailbox (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

↗️ actionmailer (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• No changes.

7.0.6 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionpack (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• No changes.

7.0.6 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actiontext (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• No changes.

7.0.6 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionview (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• Fix render collection: @records, cache: true to cache fragments as bare strings

  Previously it would incorrectly cache them as Action View buffers.

  Jean Boussier

• Don't double-encode nested field_id and field_name index values

  Pass index: @options as a default keyword argument to field_id and field_name view helper methods.

  Sean Doyle

7.0.6 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activejob (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• No changes.

7.0.6 (from changelog)

• Fix error Active Job passed class with permitted?.

  Alex Baldwin

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activemodel (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• Error.full_message now strips ":base" from the message.

  zzak

• Add a load hook for ActiveModel::Model (named active_model) to match the load hook for ActiveRecord::Base and allow for overriding aspects of the ActiveModel::Model class.

7.0.6 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activerecord (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• Restores functionality to the missing method when using enums and fixes.

  paulreece

• Fix StatementCache::Substitute with serialized type.

  ywenc

• Fix :db_runtime on notification payload when application have multiple databases.

  Eileen M. Uchitelle

• Correctly dump check constraints for MySQL 8.0.16+.

  Steve Hill

• Fix ActiveRecord::QueryMethods#in_order_of to include nils, to match the behavior of Enumerable#in_order_of.

  For example, Post.in_order_of(:title, [nil, "foo"]) will now include posts with nil titles, the same as Post.all.to_a.in_order_of(:title, [nil, "foo"]).

  fatkodima

• Revert "Fix autosave associations with validations added on :base of the associated objects."

  This change intended to remove the :base attribute from the message, but broke many assumptions which key these errors were stored.

  zzak

• Fix #previously_new_record? to return true for destroyed records.

  Before, if a record was created and then destroyed, #previously_new_record? would return true. Now, any UPDATE or DELETE to a record is considered a change, and will result in #previously_new_record? returning false.

  Adrianna Chang

• Revert breaking changes to has_one relationship deleting the old record before the new one is validated.

  zzak

• Fix support for Active Record instances being uses in queries.

  As of 7.0.5, query arguments were deep duped to avoid mutations impacting the query cache, but this had the adverse effect to clearing the primary key when the query argument contained an ActiveRecord::Base instance.

  This broke the noticed gem.

  Jean Boussier

7.0.6 (from changelog)

• Fix autosave associations with validations added on :base of the associated objects.

  fatkodima

• Fix result with anonymous PostgreSQL columns of different type from json.

  Oleksandr Avoiants

• Preserve timestamp when setting an ActiveSupport::TimeWithZone value to timestamptz attribute.

  fatkodima

• Fix where on association with has_one/has_many polymorphic relations.

  Before:

  Treasure.where(price_estimates: PriceEstimate.all)
  #=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates")

  Later:

  Treasure.where(price_estimates: PriceEstimate.all)
  #=> SELECT (...) WHERE "treasures"."id" IN (SELECT "price_estimates"."estimate_of_id" FROM "price_estimates" WHERE "price_estimates"."estimate_of_type" = 'Treasure')

  Lázaro Nixon

• Fix decrementing counter caches on optimistically locked record deletion

  fatkodima

• Ensure binary-destined values have binary encoding during type cast.

  Matthew Draper

• Preserve existing column default functions when altering table in SQLite.

  fatkodima

• Remove table alias added when using where.missing or where.associated.

  fatkodima

• Fix Enumerable#in_order_of to only flatten first level to preserve nesting.

  Miha Rekar

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activestorage (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• No changes.

7.0.6 (from changelog)

• Fix retrieving rotation value from FFmpeg on version 5.0+.

  In FFmpeg version 5.0+ the rotation value has been removed from tags. Instead the value can be found in side_data_list. Along with this update it's possible to have values of -90, -270 to denote the video has been rotated.

  Haroon Ahmed

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activesupport (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Security Advisories 🚨

🚨 Possible File Disclosure of Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.

Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5

Impact

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file’s permissions are defaulted to the user’s current umask settings, meaning that it’s possible for other users on the same system to read the contents of the temporary file.

Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases

The fixed releases are available at the normal locations.

Workarounds

To work around this issue, you can set your umask to be more restrictive like this:

$ umask 0077

Release Notes

7.0.7.1 (from changelog)

• Use a temporary file for storing unencrypted files while editing

  [CVE-2023-38037]

7.0.7 (from changelog)

• Fix Cache::NullStore with local caching for repeated reads.

  fatkodima

• Fix to_s with no arguments not respecting custom :default formats

  Hartley McGuire

• Fix ActiveSupport::Inflector.humanize(nil) raising NoMethodError: undefined method `end_with?' for nil:NilClass.

  James Robinson

• Fix Enumerable#sum for Enumerator#lazy.

  fatkodima, Matthew Draper, Jonathan Hefner

• Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem

  Hartley McGuire

7.0.6 (from changelog)

• Fix EncryptedConfiguration returning incorrect values for some Hash methods

  Hartley McGuire

• Fix arguments being destructed Enumerable#many? with block.

  Andrew Novoselac

• Fix humanize for strings ending with id.

  fatkodima

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mini_mime (indirect, 1.1.2 → 1.1.5) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mini_portile2 (indirect, 2.8.2 → 2.8.4) · Repo · Changelog

Release Notes

2.8.4

2.8.4 / 2023-07-18

• cmake: set CMAKE compile flags to configure cross-compilation similarly to autotools --host flag: SYSTEM_NAME, SYSTEM_PROCESSOR, C_COMPILER, and CXX_COMPILER. [#130] (Thanks, @stanhu!)

2.8.3

2.8.3 / 2023-07-18

Fixed

• cmake: only use MSYS/NMake generators when available. [#129] (Thanks, @stanhu!)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ minitest (indirect, 5.18.1 → 5.19.0) · Repo · Changelog

Release Notes

5.19.0 (from changelog)

• 2 minor enhancements:

  • Add metadata lazy accessor to Runnable / Result. (matteeyah)

  • Only load minitest/unit (aka ancient MiniTest compatibility layer) if ENV

• 1 bug fix:

  • Minitest::TestTask enthusiastically added itself to default. (ParadoxV5)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.15.2 → 1.15.4) · Repo · Changelog

Release Notes

1.15.4

1.15.4 / 2023-08-11

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5

Fixed

• Fixed a typo in a HTML5 parser error message. [#2927] (Thanks, @anishathalye!)
• [CRuby] ObjectSpace.memsize_of is now safe to call on Documents with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]

---

sha256 checksums:

14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8  nokogiri-1.15.4-aarch64-linux.gem
572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855  nokogiri-1.15.4-arm-linux.gem
707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9  nokogiri-1.15.4-arm64-darwin.gem
04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92  nokogiri-1.15.4-java.gem
a0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1  nokogiri-1.15.4-x64-mingw-ucrt.gem
b9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba  nokogiri-1.15.4-x64-mingw32.gem
f6ae258d7ed5f81715118282aa45486e68fd44b9747d0244a236e9ed5b94c45d  nokogiri-1.15.4-x86-linux.gem
3f65b2426ece8da908bd5df5b6262ce525393f5245f8258a245bb4c3f5759b98  nokogiri-1.15.4-x86-mingw32.gem
d756605c540034debd7f486ae27802e6b1b129013fd6b1bb823783ef6f2bc5d7  nokogiri-1.15.4-x86_64-darwin.gem
872ced3d72d797ed9b5a76c67141c6cee7589711358e11c73e9c53724ffd1842  nokogiri-1.15.4-x86_64-linux.gem
e4a801e5ef643cc0036f0a7e93433d18818b31d48c9c287596b68e92c0173c4d  nokogiri-1.15.4.gem

1.15.3

1.15.3 / 2023-07-05

Fixed

• Passing an object that is not a kind of XML::Node as the first parameter to CDATA.new now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [#2920]
• Passing an object that is not a kind of XML::Node as the first parameter to Schema.from_document now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [#2920]
• [CRuby] Passing an object that is not a kind of XML::Node as the second parameter to Text.new now raises a TypeError. Previously this would result in a segfault. [#2920]
• [CRuby] Replacing a node's children via methods like Node#inner_html=, #children=, and #replace no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involving xmlAddChild(). [#2916]
• [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (Thanks, @cbasguti!)

---

sha256 checksums:

70dadf636ae026f475f07c16b12c685544d4f8a764777df629abf1f7af0f2fb5  nokogiri-1.15.3-aarch64-linux.gem
83871fa3f544dc601e27abbdef87315a77fe1270fe4904986bd3a7df9ca3d56f  nokogiri-1.15.3-arm-linux.gem
fa4a027478df9004a2ce91389af7b7b5a4fc790c23492dca43b210a0f8770596  nokogiri-1.15.3-arm64-darwin.gem
95d410f995364d9780c4147d8fca6974447a1ccd3a1e1b092f0408836a36cc9c  nokogiri-1.15.3-java.gem
599a46b6e4f5a34dd21da06bdbd69611728304af5ef42bb183e4b4ca073fd7a3  nokogiri-1.15.3-x64-mingw-ucrt.gem
92ebfb637c9b7ba92a221b49ea3328c7e5ee79a28307d75ef55bfe4b5807face  nokogiri-1.15.3-x64-mingw32.gem
ee314666eca832fa71b5bb4c090be46a80aded857aa26121b3b51f3ed658a646  nokogiri-1.15.3-x86-linux.gem
44b7f18817894a5b697bab3d757b12bb7857a0218c1b2e0000929456a2178b34  nokogiri-1.15.3-x86-mingw32.gem
1f0bc0343f9dd1db8dd42e4c9110dd24fc11a7f923b9fa0f866e7f90739e4e7a  nokogiri-1.15.3-x86_64-darwin.gem
ca244ed58568d7265088f83c568d2947102fb00bac14b5bc0e63f678dcd6323d  nokogiri-1.15.3-x86_64-linux.gem
876631295a85315dac37e7a71386d62d9eb452a891083cfe7505cca4805088cb  nokogiri-1.15.3.gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack (indirect, 2.2.7 → 2.2.8) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rails-dom-testing (indirect, 2.0.3 → 2.2.0) · Repo

Release Notes

2.2.0

What's Changed

• Allow user to choose the HTML parser used by @flavorjones in #109
• Fix string substitution regression by @nicoco007 in #110

New Contributors

• @nicoco007 made their first contribution in #110

Full Changelog: v2.1.1...v2.2.0

2.1.1

What's Changed

• Fix issue when application isn't using minitest.

Full Changelog: v2.1.0...v2.1.1

2.1.0

What's Changed

• Address warning: mismatched indentations at 'when' with 'case' by @yahonda in #74
• Make assert_dom_equal ignore insignificant whitespace when walking the node tree by @jduff in #84
• Expand Substitution Matching Types support by @seanpdoyle in #90
• Alias assert_select methods to assert_dom versions by @seanpdoyle in #93
• Raise an error if the last arg is the wrong format by @ghiculescu in #96
• Fix replacement for multiple substitutions by @speckins in #76
• Better error message if response.body is blank or not parseable by Nokogiri by @ghiculescu in #97
• selector_assertions/html_selector: No trailing . on content_mismatch by @issyl0 in #102
• Use Minitest::Assertion#diff for content failure messages by @flavorjones in #106

New Contributors

• @nicolasleger made their first contribution in #73
• @yahonda made their first contribution in #74
• @dependabot made their first contribution in #79
• @jduff made their first contribution in #86
• @amatsuda made their first contribution in #88
• @seanpdoyle made their first contribution in #90
• @ghiculescu made their first contribution in #96
• @jbampton made their first contribution in #95
• @speckins made their first contribution in #76
• @issyl0 made their first contribution in #102
• @flavorjones made their first contribution in #103

Full Changelog: v2.0.3...v2.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ railties (indirect, 7.0.5.1 → 7.0.7.2) · Repo · Changelog

Release Notes

7.0.7.1 (from changelog)

• No changes.

7.0.7 (from changelog)

• Update default scaffold templates to set 303 (See Other) as status code on redirect for the update action for XHR requests other than GET or POST to avoid issues (e.g browsers trying to follow the redirect using the original request method resulting in double PATCH/PUT)

  Guillermo Iguaran

7.0.6 (from changelog)

• Avoid escaping paths when editing credentials.

  Jonathan Hefner

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ websocket-driver (indirect, 0.7.5 → 0.7.6) · Repo · Changelog

Release Notes

0.7.6 (from changelog)

• Fix handling of default ports in Host headers on Ruby 3.1+

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ zeitwerk (indirect, 2.6.8 → 2.6.11) · Repo · Changelog

Release Notes

2.6.11 (from changelog)

• Let on_load callbacks for implicit namespaces autoload other implicit namespaces.

2.6.10 (from changelog)

• Improve validation of the values returned by the inflector's camelize.

2.6.9 (from changelog)

• Given a path as a string or Pathname object, Zeitwerk::Loader#cpath_expected_at returns a string with the corresponding expected constant path.

  Some examples, assuming that app/models is a root directory:

  loader.cpath_expected_at("app/models")                  # => "Object"
  loader.cpath_expected_at("app/models/user.rb")          # => "User"
  loader.cpath_expected_at("app/models/hotel")            # => "Hotel"
  loader.cpath_expected_at("app/models/hotel/billing.rb") # => "Hotel::Billing"

  This method returns nil for some input like ignored files, and may raise errors too. Please check its documentation for further details.

• Zeitwerk::Loader#load_file raises with a more informative error if given a hidden file or directory.

• Zeitwerk::Loader#eager_load_dir does nothing if the argument is a hidden file or directory. This is coherent with its existing behavior for eager load exclusions and ignored paths. Before, that kind of argument would result in a non-deliberate NameError.

• Documentation improvements.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[coveralls]

coverage: 98.313%. remained the same when pulling 2c83f26 on depfu/update/group/rails-7.0.7.2 into c414177 on main.

[depfu]

Closing because this update has already been applied