
Bump the bundler group across 1 directory with 9 updates #4

Open: wants to merge 1 commit into base: main

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Mar 18, 2024

Bumps the bundler group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| carrierwave | 2.2.2 | 2.2.5 |
| devise_invitable | 2.0.6 | 2.0.9 |
| nokogiri | 1.13.6 | 1.15.6 |
| puma | 5.6.4 | 5.6.8 |
| sidekiq | 6.4.2 | 6.5.10 |
| sidekiq-unique-jobs | 7.1.23 | 7.1.33 |
| yard | 0.9.27 | 0.9.36 |
| sanitize | 6.0.0 | 6.1.0 |

Updates carrierwave from 2.2.2 to 2.2.5

Release notes

Sourced from carrierwave's releases.

2.2.5

Security

2.2.4

Fixed

2.2.3

Fixed

Changelog

Sourced from carrierwave's changelog.

2.2.5 - 2023-11-29

Security

2.2.4 - 2023-06-10

Fixed

2.2.3 - 2022-11-21

Fixed

Commits
  • 0fcff94 Version 2.2.5
  • 39b282d Fix Content-Type allowlist bypass vulnerability
  • 2f91bee Version 2.2.4
  • 2f2d77a Merge pull request #2665 from SuperTux88/backport-kwargs-fix
  • 52237f4 fix: ruby 2.7 kwarg warning in uploader process
  • bdb0be0 File.exists? had been deprecated since Ruby 2.1 and has been deleted in Ruby 3.2
  • ed8c518 Forward to 1.x changelog for older changes
  • baf5df7 Version 2.2.3
  • 8c4c91f Make spec runnable
  • c74579d Workaround for 'undefined method closed?' error caused by ssrf_filter 1.1
  • Additional commits viewable in compare view

Updates devise_invitable from 2.0.6 to 2.0.9

Changelog

Sourced from devise_invitable's changelog.

2.0.9

  • Do not accept expired invitation on password reset (#897)

2.0.8

  • Fix for turbo stream

2.0.7

  • Allow customizing invalid_token_path_for, the path to redirect users who try to accept with invalid token
  • Don't override registrations controller in routes if module option is used
  • Fix typo in spanish translation, add Catalan translation (#857)
  • Fix for ruby 3.2.0

Commits

Updates nokogiri from 1.13.6 to 1.15.6

Release notes

Sourced from nokogiri's releases.

1.15.6 / 2024-03-16

Note

This security release is a backport to the unsupported v1.15.x branch. Current stable is v1.16.x, which addressed the referenced CVE in v1.16.2 on 2024-02-04.

Security

Dependencies


sha256 checksums:


1.15.5 / 2023-11-17

Dependencies


sha256 checksums:


... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.15.6 / 2024-03-16

Security

Dependencies

1.15.5 / 2023-11-17

Dependencies

1.15.4 / 2023-08-11

Dependencies

Fixed

1.15.3 / 2023-07-05

Fixed

  • Passing an object that is not a kind of XML::Node as the first parameter to CDATA.new now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
  • Passing an object that is not a kind of XML::Node as the first parameter to Schema.from_document now raises a TypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920
  • [CRuby] Passing an object that is not a kind of XML::Node as the second parameter to Text.new now raises a TypeError. Previously this would result in a segfault. #2920
  • [CRuby] Replacing a node's children via methods like Node#inner_html=, #children=, and #replace no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involving xmlAddChild(). #2916
  • [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (@cbasguti)

1.15.2 / 2023-05-24

Dependencies

  • [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.

... (truncated)

Commits
  • 7ab6310 version bump to v1.15.6
  • f8156b4 dep: update libxml to 2.11.7 (branch 1.15.x) (#3154)
  • 9827619 ci: pin to a version of bundler that works across supported rubies
  • 83a2571 dep: bump libxml to v2.11.7
  • 5745d4b version bump to v1.15.5
  • da2d908 ci: add ruby version to vendored libs cache key (backport) (#3029)
  • 0f56450 ci: add ruby version to vendored libs cache key (#3028)
  • 32b2c35 dep: update libxml to 2.11.5 and libxslt to 1.1.39 (v1.15.x) (#3025)
  • b8f7e16 ci: skip the BSD builds for now
  • aa3208b dep: update libxml to 2.11.5 and libxslt to 1.1.39
  • Additional commits viewable in compare view

Updates puma from 5.6.4 to 5.6.8

Release notes

Sourced from puma's releases.

5.6.7

Security

  • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

5.6.5 / 2022-08-23

  • Bugfixes
    • NullIO#closed should return false (#2883)
    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

Changelog

Sourced from puma's changelog.

5.6.8 / 2024-01-08

  • Security
    • Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

5.6.7 / 2023-08-18

  • Security
    • Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

5.6.6 / 2023-06-21

  • Bugfix
    • Prevent loading with rack 3 (#3166)

5.6.5 / 2022-08-23

  • Feature

    • Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
  • Bugfixes

    • NullIO#closed should return false (#2883)
    • [jruby] Fix TLS verification hang (#2890, #2729)
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    • MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    • Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    • Escape SSL cert and filenames (#2855)
    • Fail hard if SSL certs or keys are invalid (#2848)
    • Fail hard if SSL certs or keys cannot be read by user (#2847)
    • Fix build with Opaque DH in LibreSSL 3.5. (#2838)
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    • Fix Puma::StateFile#load incompatibility (#2810)

Commits

Updates sidekiq from 6.4.2 to 6.5.10

Changelog

Sourced from sidekiq's changelog.

Sidekiq Changes

Sidekiq Changes | Sidekiq Pro Changes | Sidekiq Enterprise Changes

HEAD

7.2.2

  • Add Process.warmup call in Ruby 3.3+
  • Batch jobs now skip transactional push #6160

7.2.1

  • Add Sidekiq::Work type which replaces the raw Hash as the third parameter in Sidekiq::WorkSet#each { |pid, tid, hash| ... } #6145
  • DEPRECATED: direct access to the attributes within the hash block parameter above. The Sidekiq::Work instance contains accessor methods to get at the same data, e.g.
work["queue"] # Old
work.queue # New

7.2.0

  • sidekiq_retries_exhausted can return :discard to avoid the deadset and all death handlers #6091
  • Metrics filtering by job class in Web UI #5974
  • Better readability and formatting for numbers within the Web UI #6080
  • Add explicit error if user code tries to nest test modes #6078
Sidekiq::Testing.inline! # global setting
Sidekiq::Testing.fake! do # override within block
  # ok
  Sidekiq::Testing.inline! do # can't override the override
    # not ok, nested
  end
end
  • SECURITY Forbid inline JavaScript execution in Web UI #6074
  • Adjust redis-client adapter to avoid method_missing #6083 This can result in app code breaking if your app's Redis API usage was depending on Sidekiq's adapter to correct invalid redis-client API usage.

... (truncated)

Commits

Updates sidekiq-unique-jobs from 7.1.23 to 7.1.33

Release notes

Sourced from sidekiq-unique-jobs's releases.

v7.1.33

What's Changed

  • NOTE: The RCE vulnerability was a false alarm; sidekiq-unique-jobs was not vulnerable to RCE. You can find additional information in the PR linked below.
  • fix: backport xss and rce fixes to v7.1 by @​mhenrixon in mhenrixon/sidekiq-unique-jobs#834

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.32...v7.1.33

v7.1.31

What's Changed

New Contributors

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.30...v7.1.31

v7.1.30

What's Changed

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.29...v7.1.30

v7.1.29

What's Changed

New Contributors

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.28...v7.1.29

v7.1.27

What's Changed

Full Changelog: mhenrixon/sidekiq-unique-jobs@v7.1.26...v7.1.27

v7.1.26

What's Changed

... (truncated)

Changelog

Sourced from sidekiq-unique-jobs's changelog.

v7.1.33 (2024-02-12)

Full Changelog

v8.0.9 (2024-02-12)

Full Changelog

Fixed bugs:

v8.0.8 (2024-02-12)

Full Changelog

Implemented enhancements:

  • fix: ensure a new lock isn't conflicting with itself #830 (mhenrixon)

Fixed bugs:

  • until_and_while_executing not entering perform method on initial run #824
  • fix(digest): write digest on middleware call #774 (mhenrixon)

Closed issues:

  • incompatibility with sidekiq-failures #790
  • Jobs queued during existing job inherit lock digest #766

v8.0.7 (2024-02-05)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

Merged pull requests:

... (truncated)

Commits
  • f613977 Bump sidekiq-unique-jobs to 7.1.33
  • cd09ba6 fix: backport xss and rce fixes to v7.1 (#834)
  • 81cc875 Bump sidekiq-unique-jobs to 7.1.32
  • 3e21885 fix: while_executing should not invoke conflict strategy when the job was s...
  • eec260f Bump sidekiq-unique-jobs to 7.1.31
  • 9682f16 chore(gem): bump version
  • 0d9a4ea Fix active worker detection by using correct keys (#756) (#799)
  • 0253377 Bump sidekiq-unique-jobs to 7.1.29
  • d0d73b4 Update changelog
  • 6f244a2 Fix instance level after_unlock callback (#737)
  • Additional commits viewable in compare view

Updates yard from 0.9.27 to 0.9.36

Release notes

Sourced from yard's releases.

Release v0.9.36

  • Further XSS fixes for generated frameset pages (#1538)
  • Improve tests for Ruby 3.3 compatibility (#1519, #1531)
  • Documentation improvements (#1524)

Release v0.9.35

  • Fix possible XSS on generated YARD frameset pages (thanks to @​RedYetiDev for finding and patching) (2069e2b).
  • Fix errors when using @option on non-method objects (#1508)
  • Support Ruby 3.3 changes in Ripper parser (#1510)

Release v0.9.34

  • Add changelog to yard.gemspec
  • Fix fork behavior in yard server --fork

Release v0.9.33

  • Ensure .yardopts is present in gem package (internal YARD documentation change)

Release v0.9.32

  • Fix issue with custom Rack::Request attributes in yard server

Release v0.9.31

  • Remove dependency on webrick in YARD::Server::Commands::StaticFileHelpers

Release v0.9.30

  • Hot release fix to correct issue with gem packaging missing templates (#1490)

Release v0.9.29

  • Enable table support for CommonMarker (#1443)
  • Parser performance improvements (#1452, #1453, #1454, #1455)
  • Fix autoload of RipperParser (#1460)
  • Remove dependency on webrick for better Ruby 3.1+ support
  • Improvements for mixin resolution (#1467, #1468)

Release v0.9.28

... (truncated)

Changelog

Sourced from yard's changelog.

0.9.36 - February 29th, 2024

  • Further XSS fixes for generated frameset pages (#1538)
  • Improve tests for Ruby 3.3 compatibility (#1519, #1531)
  • Documentation improvements (#1524)

0.9.35 - February 28th, 2024

  • Fix possible XSS on generated YARD frameset pages (thanks to @​RedYetiDev for finding and patching) (2069e2b).
  • Fix errors when using @option on non-method objects (#1508)
  • Support Ruby 3.3 changes in Ripper parser (#1510)

0.9.34 - April 12th, 2023

  • Add changelog to yard.gemspec
  • Fix fork behavior in yard server --fork

0.9.33 - April 11th, 2023

  • Ensure .yardopts is present in gem package (internal YARD documentation change)

0.9.32 - April 9th, 2023

  • Fix issue with custom Rack::Request attributes in yard server

0.9.31 - April 9th, 2023

  • Remove dependency on webrick in YARD::Server::Commands::StaticFileHelpers

0.9.30 - April 9th, 2023

  • Hot release fix to correct issue with gem packaging missing templates (#1490)

0.9.29 - April 8th, 2023

... (truncated)

Commits

Updates rack from 2.2.3 to 2.2.8.1

Release notes

Sourced from rack's releases.

v2.2.8.1

What's Changed

Full Changelog: rack/rack@v2.2.8...v2.2.8.1

v2.2.8

What's Changed

New Contributors

Full Changelog: rack/rack@v2.2.7...v2.2.8

v2.2.7

What's Changed

New Contributors

Full Changelog: rack/rack@v2.2.6.4...v2.2.7

v2.2.6.4

No release notes provided.

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

  • rack.input is now optional. (#1997, [@​ioquatix])
  • Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to &#39; instead of &#x27;. (decimal vs hexadecimal) (#2099, @JunichiIto)

Changed

  • rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
  • Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
  • MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
  • Add .mjs MIME type (#2057, [@​axilleas])
  • Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use modern font/* types. (#2065, [@davidstosik])
  • set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
  • Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
  • Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
  • In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])

[3.0.9] - 2024-01-31

  • Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])

[3.0.8] - 2023-06-14

[3.0.7] - 2023-03-16

[3.0.6.1] - 2023-03-13

[3.0.6] - 2023-03-13

  • Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

[3.0.4.2] - 2023-03-02

  • [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

... (truncated)

Commits

Updates sanitize from 6.0.0 to 6.1.0

Release notes

Sourced from sanitize's releases.

v6.1.0

Features

  • Added the text-decoration-skip-ink and text-decoration-thickness CSS properties to the relaxed config. [@martineriksson - #228]

v6.0.2

Bug Fixes

  • CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS (cross-site scripting). This issue affects Sanitize versions 3.0.0 through 6.0.1.

    When using Sanitize's relaxed config or a custom config that allows <style> elements and one or more CSS at-rules, carefully crafted input could be used to sneak arbitrary HTML through Sanitize.

    See the following security advisory for additional details: GHSA-f5ww-cq3m-q3g7

    Thanks to @​cure53 for finding this issue.

v6.0.1

Bug Fixes

  • Sanitize now always removes <noscript> elements and their contents, even when noscript is in the allowlist.

    This fixes a sanitization bypass that could occur when noscript was allowed by a custom allowlist. In this scenario, carefully crafted input could sneak arbitrary HTML through Sanitize, potentially enabling an XSS (cross-site scripting) attack.

    Sanitize's default configs don't allow <noscript> elements and are not vulnerable. This issue only affects users who are using a custom config that adds noscript to the element allowlist.

    The root cause of this issue is that HTML parsing rules treat the contents of a <noscript> element differently depending on whether scripting is enabled in the user agent. Nokogiri doesn't support scripting so it follows the "scripting disabled" rules, but a web browser with scripting enabled will follow the "scripting enabled" rules. This means that Sanitize can't reliably make the contents of a <noscript> element safe for scripting enabled browsers, so the safest thing to do is to remove the element and its contents entirely.

    See the following security advisory for additional details: GHSA-fw3g-2h3j-qmm7

    Thanks to David Klein from TU Braunschweig (@​leeN) for reporting this issue.

  • Fixed an edge case in which the contents of an "unescaped text" element (such as <noembed> or <xmp>) were not properly escaped if that element was allowlisted and was also inside an allowlisted <math> or <svg> element.

    The only way to encounter this situation was to ignore multiple warnings in the readme and create a custom config that allowlisted all the elements involved, including <math> or <svg>. If you're using a default config or if you heeded the warnings about MathML and SVG not being supported, you're not affected by this issue.

    Please let this be a reminder that Sanitize cannot safely sanitize MathML or SVG content and does not support this use case. The default configs don't allow MathML or SVG elements, and allowlisting MathML or SVG elements in a custom config may create a security vulnerability in your application.

    Documentation has been updated to add more warnings and to make the existing warnings about this more prominent.

    Thanks to David Klein from TU Braunschweig (@​leeN) for reporting this issue.

Changelog

Sourced from sanitize's changelog.

6.1.0 (2023-09-14)

Features

  • Added the t...

    Description has been truncated

Bumps the bundler group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [carrierwave](https://github.com/carrierwaveuploader/carrierwave) | `2.2.2` | `2.2.5` |
| [devise_invitable](https://github.com/scambra/devise_invitable) | `2.0.6` | `2.0.9` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.13.6` | `1.15.6` |
| [puma](https://github.com/puma/puma) | `5.6.4` | `5.6.8` |
| [sidekiq](https://github.com/sidekiq/sidekiq) | `6.4.2` | `6.5.10` |
| [sidekiq-unique-jobs](https://github.com/mhenrixon/sidekiq-unique-jobs) | `7.1.23` | `7.1.33` |
| [yard](https://github.com/lsegal/yard) | `0.9.27` | `0.9.36` |
| [sanitize](https://github.com/rgrove/sanitize) | `6.0.0` | `6.1.0` |


Updates `carrierwave` from 2.2.2 to 2.2.5
- [Release notes](https://github.com/carrierwaveuploader/carrierwave/releases)
- [Changelog](https://github.com/carrierwaveuploader/carrierwave/blob/v2.2.5/CHANGELOG.md)
- [Commits](carrierwaveuploader/carrierwave@v2.2.2...v2.2.5)

Updates `devise_invitable` from 2.0.6 to 2.0.9
- [Changelog](https://github.com/scambra/devise_invitable/blob/master/CHANGELOG.md)
- [Commits](scambra/devise_invitable@v2.0.6...v2.0.9)

Updates `nokogiri` from 1.13.6 to 1.15.6
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.13.6...v1.15.6)

Updates `puma` from 5.6.4 to 5.6.8
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](puma/puma@v5.6.4...v5.6.8)

Updates `sidekiq` from 6.4.2 to 6.5.10
- [Changelog](https://github.com/sidekiq/sidekiq/blob/main/Changes.md)
- [Commits](sidekiq/sidekiq@v6.4.2...v6.5.10)

Updates `sidekiq-unique-jobs` from 7.1.23 to 7.1.33
- [Release notes](https://github.com/mhenrixon/sidekiq-unique-jobs/releases)
- [Changelog](https://github.com/mhenrixon/sidekiq-unique-jobs/blob/main/CHANGELOG.md)
- [Commits](mhenrixon/sidekiq-unique-jobs@v7.1.23...v7.1.33)

Updates `yard` from 0.9.27 to 0.9.36
- [Release notes](https://github.com/lsegal/yard/releases)
- [Changelog](https://github.com/lsegal/yard/blob/main/CHANGELOG.md)
- [Commits](lsegal/yard@v0.9.27...v0.9.36)

Updates `rack` from 2.2.3 to 2.2.8.1
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@2.2.3...v2.2.8.1)

Updates `sanitize` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](rgrove/sanitize@v6.0.0...v6.1.0)

---
updated-dependencies:
- dependency-name: carrierwave
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: devise_invitable
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: nokogiri
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: puma
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: sidekiq
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: sidekiq-unique-jobs
  dependency-type: direct:production
  dependency-group: bundler-security-group
- dependency-name: yard
  dependency-type: direct:development
  dependency-group: bundler-security-group
- dependency-name: rack
  dependency-type: indirect
  dependency-group: bundler-security-group
- dependency-name: sanitize
  dependency-type: indirect
  dependency-group: bundler-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 18, 2024