Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump sqlite3 from 1.4.2 to 1.5.4 in /src/supermarket/engines/fieri #247

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 23, 2022

Bumps sqlite3 from 1.4.2 to 1.5.4.

Release notes

Sourced from sqlite3's releases.

1.5.4 / 2022-11-18

Dependencies

  • Vendored sqlite is updated to v3.40.0.

sha256 checksums:

6b5df9845b54de0933e829c40b222100c7bd5190c53adfd88a19bfafd4520132  sqlite3-1.5.4-aarch64-linux.gem
cfed00e8f9200ea38451856e53e891dc11d3297e95120f1f2879ec8000169941  sqlite3-1.5.4-arm-linux.gem
6e70813a40bc4524623f0d66b96cf3068397973c661ca33773f85cc3e49141a6  sqlite3-1.5.4-arm64-darwin.gem
186bcdd7869b9098f9091640c7e6b250951988eb9f0d92f05e5160b64bed0000  sqlite3-1.5.4-x64-mingw-ucrt.gem
28a4daf8386d67590f86f32284229de2fa66c7e19389fc7e18c60143be616729  sqlite3-1.5.4-x64-mingw32.gem
495757cc3d65484055706adf416ea3ce8040c4b5847d7a3e959e7f22a1990739  sqlite3-1.5.4-x86-linux.gem
d5db3d52c9bfffc172eaae265cb367ad6f8ee99e15deb3386c97889ef1673a95  sqlite3-1.5.4-x86_64-darwin.gem
28a91539287a4a19d1beb1b168cbbec969eda3035a1c8c9208475d9765152f89  sqlite3-1.5.4-x86_64-linux.gem
5d4f6bed23a629651c965f5107861f11df479d74eeef3a70d6ec702f28112101  sqlite3-1.5.4.gem

1.5.3 / 2022-10-11

Fixed

  • Fixed installation of the "ruby" platform gem when building from source on Fedora. In v1.5.0..v1.5.2, installation failed on some systems due to the behavior of Fedora's pkg-config implementation. #355

sha256 checksums:

6780cc379c25a1395568cfd9a422024a0a18e7e2a39024f4120815b1a9d9ddec  sqlite3-1.5.3-aarch64-linux.gem
a8c09c5df83058712489ca7a5b072be8efb62db1d1c30fef4b64e386ff20a408  sqlite3-1.5.3-arm-linux.gem
ed25f7d3a8edc2d0a7b64c51dbb12665e45f750249e88937ae7a4ecdc4a53d13  sqlite3-1.5.3-arm64-darwin.gem
11cd815acd898c1dda022d8145365235fff29cdc2cc155f611c12d66ec925211  sqlite3-1.5.3-x64-mingw-ucrt.gem
10aea826628e6bd4339dccac74679cea6709b95adb78f2661b97101658ac998d  sqlite3-1.5.3-x64-mingw32.gem
c427322e6deb8807165ebb17d027aa8127ae267be2dba769574722f468c0815e  sqlite3-1.5.3-x86-linux.gem
6237622911b170eaf53fa931e3128656d027452acfffdd8cd2d0584f70a40376  sqlite3-1.5.3-x86_64-darwin.gem
12bc33cd1e063651985801a877463aad86645e3bd27d46577dced1a0a41b3826  sqlite3-1.5.3-x86_64-linux.gem
66524f404db0b697620b601dea6381b139e9ce6f47e8eb628759c8d6ddcb25c5  sqlite3-1.5.3.gem

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

... (truncated)

Changelog

Sourced from sqlite3's changelog.

1.5.4 / 2022-11-18

Dependencies

  • Vendored sqlite is updated to v3.40.0.

1.5.3 / 2022-10-11

Fixed

  • Fixed installation of the "ruby" platform gem when building from source on Fedora. In v1.5.0..v1.5.2, installation failed on some systems due to the behavior of Fedora's pkg-config implementation. #355

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. #352

1.5.1 / 2022-09-29

Dependencies

  • Vendored sqlite is updated to v3.39.4.

Security

The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:

Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update.

In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

For more information please see GHSA-mgvv-5mxp-xq67.

1.5.0 / 2022-09-08

Packaging

Faster, more reliable installation

... (truncated)

Commits
  • beaa142 version bump to v1.5.4
  • a1cdafa Merge pull request #362 from sparklemotion/flavorjones-update-to-3_40_0
  • d5ece08 dep: update packaged sqlite3 to v3.40.0
  • 9ef3c1b ci: add dependencies.yml to actions/cache key
  • c1eb06d Merge pull request #361 from sparklemotion/flavorjones-allow-experimental-builds
  • 1c60661 ci: periodically run tests against upstream sqlite
  • a8f4010 dev: add ability to build against an arbitrary sqlite source tree
  • 72836be Merge pull request #347 from sparklemotion/flavorjones-truffleruby-gem-install
  • 12fc329 version bump to v1.5.3
  • 5ec7855 Merge pull request #355 from sparklemotion/354-work-around-fedora-pkgconf-lib...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.4.2 to 1.5.4.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/master/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v1.4.2...v1.5.4)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 23, 2022
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jan 16, 2023

Superseded by #264.

@dependabot dependabot bot closed this Jan 16, 2023
@dependabot dependabot bot deleted the dependabot/bundler/src/supermarket/engines/fieri/sqlite3-1.5.4 branch January 16, 2023 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants