Bump the bundler group across 1 directories with 9 updates #2

Closed

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Mar 1, 2024

Bumps the bundler group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| carrierwave | 2.2.2 | 2.2.5 |
| devise_invitable | 2.0.6 | 2.0.9 |
| nokogiri | 1.13.6 | 1.16.2 |
| puma | 5.6.4 | 5.6.8 |
| sidekiq | 6.4.2 | 6.5.10 |
| sidekiq-unique-jobs | 7.1.23 | 7.1.33 |
| yard | 0.9.27 | 0.9.36 |
| sanitize | 6.0.0 | 6.1.0 |

Updates carrierwave from 2.2.2 to 2.2.5

Release notes

Sourced from carrierwave's releases.

2.2.4

Fixed

2.2.3

Fixed

Changelog

Sourced from carrierwave's changelog.

2.2.5 - 2023-11-29

Security

2.2.4 - 2023-06-10

Fixed

2.2.3 - 2022-11-21

Fixed

Commits
  • 0fcff94 Version 2.2.5
  • 39b282d Fix Content-Type allowlist bypass vulnerability
  • 2f91bee Version 2.2.4
  • 2f2d77a Merge pull request #2665 from SuperTux88/backport-kwargs-fix
  • 52237f4 fix: ruby 2.7 kwarg warning in uploader process
  • bdb0be0 File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2
  • ed8c518 Forward to 1.x changelog for older changes
  • baf5df7 Version 2.2.3
  • 8c4c91f Make spec runnable
  • c74579d Workaround for 'undefined method closed?' error caused by ssrf_filter 1.1
  • Additional commits viewable in compare view

Updates devise_invitable from 2.0.6 to 2.0.9

Changelog

Sourced from devise_invitable's changelog.

2.0.9

  • Do not accept expired invitation on password reset (#897)

2.0.8

  • Fix for turbo stream

2.0.7

  • Allow customizing invalid_token_path_for, the path to redirect users who try to accept with invalid token
  • Don't override registrations controller in routes if module option is used
  • Fix typo in spanish translation, add Catalan translation (#857)
  • Fix for ruby 3.2.0

Commits

Updates nokogiri from 1.13.6 to 1.16.2

Release notes

Sourced from nokogiri's releases.

v1.16.2 / 2024-02-04

Security

Dependencies


sha256 checksums:


v1.16.1 / 2024-02-03

Dependencies

Fixed


sha256 checksums:


... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.2 / 2024-02-04

Security

Dependencies

v1.16.1 / 2024-02-03

Dependencies

Fixed

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

Pattern matching

This version marks official support for the pattern matching API in XML::Attr, XML::Document, XML::DocumentFragment, XML::Namespace, XML::Node, and XML::NodeSet (and their subclasses), originally introduced as an experimental feature in v1.14.0. (@​flavorjones)

Documentation on what can be matched:

... (truncated)

Commits
  • 673756f version bump to v1.16.2
  • 74ffd67 dep: update libxml to 2.12.5 (branch v1.16.x) (#3122)
  • 0d4018d dep: update libxml2 to v2.12.5
  • f33a25f dep: remove patch from #3112 which has been released upstream
  • e994168 version bump to v1.16.1
  • 77ea2f2 dev: add files to manifest ignore list
  • 756f27c build(deps): bump actions/{download,upload}-artifact from 3 to 4
  • 464f8d4 .gitignore: clangd-related files
  • 2beeb96 doc: update CHANGELOG
  • a26536d fix: apply upstream patch for in-context parsing (#3116)
  • Additional commits viewable in compare view

Updates puma from 5.6.4 to 5.6.8

Release notes

Sourced from puma's releases.

5.6.7

  • Security
    • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

5.6.5 / 2022-08-23

  • Bugfixes
    • NullIO#closed should return false (#2883)
    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

Changelog

Sourced from puma's changelog.

5.6.8 / 2024-01-08

  • Security
    • Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

5.6.7 / 2023-08-18

  • Security
    • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

5.6.6 / 2023-06-21

  • Bugfix
    • Prevent loading with rack 3 (#3166)

5.6.5 / 2022-08-23

  • Feature

    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
  • Bugfixes

    • NullIO#closed should return false (#2883)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

Commits

Updates sidekiq from 6.4.2 to 6.5.10

Changelog

Sourced from sidekiq's changelog.

Sidekiq Changes

Sidekiq Changes | Sidekiq Pro Changes | Sidekiq Enterprise Changes

7.2.2

  • Add Process.warmup call in Ruby 3.3+
  • Batch jobs now skip transactional push #6160

7.2.1

  • Add Sidekiq::Work type which replaces the raw Hash as the third parameter in Sidekiq::WorkSet#each { |pid, tid, hash| ... } #6145
  • DEPRECATED: direct access to the attributes within the hash block parameter above. The Sidekiq::Work instance contains accessor methods to get at the same data, e.g.
work["queue"] # Old
work.queue # New

7.2.0

  • sidekiq_retries_exhausted can return :discard to avoid the deadset and all death handlers #6091
  • Metrics filtering by job class in Web UI #5974
  • Better readability and formatting for numbers within the Web UI #6080
  • Add explicit error if user code tries to nest test modes #6078
Sidekiq::Testing.inline! # global setting
Sidekiq::Testing.fake! do # override within block
  # ok
  Sidekiq::Testing.inline! do # can't override the override
    # not ok, nested
  end
end
  • SECURITY Forbid inline JavaScript execution in Web UI #6074
  • Adjust redis-client adapter to avoid method_missing #6083 This can result in app code breaking if your app's Redis API usage was depending on Sidekiq's adapter to correct invalid redis-client API usage. One example:
# bad, not redis-client native
# Unsupported command argument type: TrueClass (TypeError)
Sidekiq.redis { |c| c.set("key", "value", nx: true, ex: 15) }
# good

... (truncated)

Commits

Updates sidekiq-unique-jobs from 7.1.23 to 7.1.33

Release notes

Sourced from sidekiq-unique-jobs's releases.

v7.1.33

What's Changed

  • NOTE: The RCE vulnerability was a false alarm; sidekiq-unique-jobs was not vulnerable to RCE. You can find additional information in the PR linked below.
  • fix: backport xss and rce fixes to v7.1 by @​mhenrixon in mhenrixon/sidekiq-unique-jobs#834

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.32...v7.1.33

v7.1.31

What's Changed

New Contributors

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.30...v7.1.31

v7.1.30

What's Changed

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.29...v7.1.30

v7.1.29

What's Changed

New Contributors

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.28...v7.1.29

v7.1.27

What's Changed

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.26...v7.1.27

v7.1.26

What's Changed

... (truncated)

Changelog

Sourced from sidekiq-unique-jobs's changelog.

v7.1.33 (2024-02-12)

Full Changelog

v8.0.9 (2024-02-12)

Full Changelog

Fixed bugs:

v8.0.8 (2024-02-12)

Full Changelog

Implemented enhancements:

  • fix: ensure a new lock isn't conflicting with itself #830 (mhenrixon)

Fixed bugs:

  • until_and_while_executing not entering perform method on initial run #824
  • fix(digest): write digest on middleware call #774 (mhenrixon)

Closed issues:

  • incompatibility with sidekiq-failures #790
  • Jobs queued during existing job inherit lock digest #766

v8.0.7 (2024-02-05)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

Merged pull requests:

... (truncated)

Commits
  • f613977 Bump sidekiq-unique-jobs to 7.1.33
  • cd09ba6 fix: backport xss and rce fixes to v7.1 (#834)
  • 81cc875 Bump sidekiq-unique-jobs to 7.1.32
  • 3e21885 fix: while_executing should not invoke conflict strategy when the job was s...
  • eec260f Bump sidekiq-unique-jobs to 7.1.31
  • 9682f16 chore(gem): bump version
  • 0d9a4ea Fix active worker detection by using correct keys (#756) (#799)
  • 0253377 Bump sidekiq-unique-jobs to 7.1.29
  • d0d73b4 Update changelog
  • 6f244a2 Fix instance level after_unlock callback (#737)
  • Additional commits viewable in compare view

Updates yard from 0.9.27 to 0.9.36

Release notes

Sourced from yard's releases.

Release v0.9.36

  • Further XSS fixes for generated frameset pages (#1538)
  • Improve tests for Ruby 3.3 compatibility (#1519, #1531)
  • Documentation improvements (#1524)

Release v0.9.35

  • Fix possible XSS on generated YARD frameset pages (thanks to @​RedYetiDev for finding and patching) (2069e2b).
  • Fix errors when using @option on non-method objects (#1508)
  • Support Ruby 3.3 changes in Ripper parser (#1510)

Release v0.9.34

  • Add changelog to yard.gemspec
  • Fix fork behavior in yard server --fork

Release v0.9.33

  • Ensure .yardopts is present in gem package (internal YARD documentation change)

Release v0.9.32

  • Fix issue with custom Rack::Request attributes in yard server

Release v0.9.31

  • Remove dependency on webrick in YARD::Server::Commands::StaticFileHelpers

Release v0.9.30

  • Hot release fix to correct issue with gem packaging missing templates (#1490)

Release v0.9.29

  • Enable table support for CommonMarker (#1443)
  • Parser performance improvements (#1452, #1453, #1454, #1455)
  • Fix autoload of RipperParser (#1460)
  • Remove dependency on webrick for better Ruby 3.1+ support
  • Improvements for mixin resolution (#1467, #1468)

Release v0.9.28

... (truncated)

Changelog

Sourced from yard's changelog.

0.9.36 - February 29th, 2024

  • Further XSS fixes for generated frameset pages (#1538)
  • Improve tests for Ruby 3.3 compatibility (#1519, #1531)
  • Documentation improvements (#1524)

0.9.35 - February 28th, 2024

  • Fix possible XSS on generated YARD frameset pages (thanks to @​RedYetiDev for finding and patching) (2069e2b).
  • Fix errors when using @option on non-method objects (#1508)
  • Support Ruby 3.3 changes in Ripper parser (#1510)

0.9.34 - April 12nd, 2023

  • Add changelog to yard.gemspec
  • Fix fork behavior in yard server --fork

0.9.33 - April 11st, 2023

  • Ensure .yardopts is present in gem package (internal YARD documentation change)

0.9.32 - April 9th, 2023

  • Fix issue with custom Rack::Request attributes in yard server

0.9.31 - April 9th, 2023

  • Remove dependency on webrick in YARD::Server::Commands::StaticFileHelpers

0.9.30 - April 9th, 2023

  • Hot release fix to correct issue with gem packaging missing templates (#1490)

0.9.29 - April 8th, 2023

... (truncated)

Commits

Updates rack from 2.2.3 to 2.2.8.1

Release notes

Sourced from rack's releases.

v2.2.8

What's Changed

New Contributors

Full Changelog: rack/rack@v2.2.7...v2.2.8

v2.2.7

What's Changed

New Contributors

Full Changelog: rack/rack@v2.2.6.4...v2.2.7

v2.2.6.4

No release notes provided.

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

  • rack.input is now optional. (#1997, [@​ioquatix])
  • Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to &#39; instead of &#x27;. (decimal vs hexadecimal) (#2099, @JunichiIto)

Changed

  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
  • Add .mjs MIME type (#2057, [@​axilleas])
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use modern font/* types. (#2065, [@davidstosik])
  • set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
  • Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
  • Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
  • In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])

[3.0.9] - 2024-01-31

  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])

[3.0.8] - 2023-06-14

[3.0.7] - 2023-03-16

[3.0.6.1] - 2023-03-13

[3.0.6] - 2023-03-13

  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

[3.0.4.2] - 2023-03-02

  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

... (truncated)

Commits

Updates sanitize from 6.0.0 to 6.1.0

Release notes

Sourced from sanitize's releases.

v6.1.0

Features

  • Added the text-decoration-skip-ink and text-decoration-thickness CSS properties to the relaxed config. [@martineriksson - #228]

v6.0.2

Bug Fixes

  • CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS (cross-site scripting). This issue affects Sanitize versions 3.0.0 through 6.0.1.

    When using Sanitize's relaxed config or a custom config that allows <style> elements and one or more CSS at-rules, carefully crafted input could be used to sneak arbitrary HTML through Sanitize.

    See the following security advisory for additional details: GHSA-f5ww-cq3m-q3g7

    Thanks to @​cure53 for finding this issue.

v6.0.1

Bug Fixes

  • Sanitize now always removes <noscript> elements and their contents, even when noscript is in the allowlist.

    This fixes a sanitization bypass that could occur when noscript was allowed by a custom allowlist. In this scenario, carefully crafted input could sneak arbitrary HTML through Sanitize, potentially enabling an XSS (cross-site scripting) attack.

    Sanitize's default configs don't allow <noscript> elements and are not vulnerable. This issue only affects users who are using a custom config that adds noscript to the element allowlist.

    The root cause of this issue is that HTML parsing rules treat the contents of a <noscript> element differently depending on whether scripting is enabled in the user agent. Nokogiri doesn't support scripting so it follows the "scripting disabled" rules, but a web browser with scripting enabled will follow the "scripting enabled" rules. This means that Sanitize can't reliably make the contents of a <noscript> element safe for scripting enabled browsers, so the safest thing to do is to remove the element and its contents entirely.

    See the following security advisory for additional details: GHSA-fw3g-2h3j-qmm7

    Thanks to David Klein from TU Braunschweig (@​leeN) for reporting this issue.

  • Fixed an edge case in which the contents of an "unescaped text" element (such as <noembed> or <xmp>) were not properly escaped if that element was allowlisted and was also inside an allowlisted <math> or <svg> element.

    The only way to encounter this situation was to ignore multiple warnings in the readme and create a custom config that allowlisted all the elements involved, including <math> or <svg>. If you're using a default config or if you heeded the warnings about MathML and SVG not being supported, you're not affected by this issue.

    Please let this be a reminder that Sanitize cannot safely sanitize MathML or SVG content and does not support this use case. The default configs don't allow MathML or SVG elements, and allowlisting MathML or SVG elements in a custom config may create a security vulnerability in your application.

    Documentation has been updated to add more warnings and to make the existing warnings about this more prominent.

    Thanks to David Klein from TU Braunschweig (@​leeN) for reporting this issue.

Changelog

Sourced from sanitize's changelog.

6.1.0 (2023-09-14)

Features

  • Added the text-decoration-skip-ink and text-decoration-thickness CSS properties to the relaxed config. [@martineriksson - #228]

6.0.2 (2023-07-06)

Bug Fixes

  • CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS (cross-site scripting). This issue affects Sanitize versions 3.0.0 through 6.0.1.

    When using Sanitize's relaxed config or a cust...

    Description has been truncated

Bumps the bundler group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [carrierwave](https://github.com/carrierwaveuploader/carrierwave) | `2.2.2` | `2.2.5` |
| [devise_invitable](https://github.com/scambra/devise_invitable) | `2.0.6` | `2.0.9` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.13.6` | `1.16.2` |
| [puma](https://github.com/puma/puma) | `5.6.4` | `5.6.8` |
| [sidekiq](https://github.com/sidekiq/sidekiq) | `6.4.2` | `6.5.10` |
| [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) | `7.1.23` | `7.1.33` |
| [yard](https://github.com/lsegal/yard) | `0.9.27` | `0.9.36` |
| [sanitize](https://github.com/rgrove/sanitize) | `6.0.0` | `6.1.0` |


Updates `carrierwave` from 2.2.2 to 2.2.5
- [Release notes](https://github.com/carrierwaveuploader/carrierwave/releases)
- [Changelog](https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.5/CHANGELOG.md)
- [Commits](carrierwaveuploader/carrierwave@v2.2.2...v2.2.5)

Updates `devise_invitable` from 2.0.6 to 2.0.9
- [Changelog](https://github.com/scambra/devise_invitable/blob/master/CHANGELOG.md)
- [Commits](scambra/devise_invitable@v2.0.6...v2.0.9)

Updates `nokogiri` from 1.13.6 to 1.16.2
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.6...v1.16.2)

Updates `puma` from 5.6.4 to 5.6.8
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v5.6.4...v5.6.8)

Updates `sidekiq` from 6.4.2 to 6.5.10
- [Changelog](https://github.com/sidekiq/sidekiq/blob/main/Changes.md)
- [Commits](sidekiq/sidekiq@v6.4.2...v6.5.10)

Updates `sidekiq-unique-jobs` from 7.1.23 to 7.1.33
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/main/CHANGELOG.md)
- [Commits](mhenrixon/sidekiq-unique-jobs@v7.1.23...v7.1.33)

Updates `yard` from 0.9.27 to 0.9.36
- [Release notes](https://github.com/lsegal/yard/releases)
- [Changelog](https://github.com/lsegal/yard/blob/main/CHANGELOG.md)
- [Commits](lsegal/yard@v0.9.27...v0.9.36)

Updates `rack` from 2.2.3 to 2.2.8.1
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@2.2.3...v2.2.8.1)

Updates `sanitize` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](rgrove/sanitize@v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: carrierwave
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: devise_invitable
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: puma
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: sidekiq
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: sidekiq-unique-jobs
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: yard
  dependency-type: direct:development
  dependency-group: bundler-security-group
- dependency-name: rack
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: sanitize
  dependency-type: indirect
  dependency-group: bundler-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 1, 2024

dependabot bot commented on behalf of github Mar 18, 2024

Superseded by #4.

@dependabot dependabot bot closed this Mar 18, 2024
@dependabot dependabot bot deleted the dependabot/bundler/bundler-security-group-9252b969f1 branch March 18, 2024 23:33