🚨 [security] Update all of rails 7.2.2 → 7.2.2.1 (minor)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ actionmailer (7.2.2 → 7.2.2.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ railties (7.2.2 → 7.2.2.1) · Repo · Changelog

Release Notes

7.2.2.1 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ rdoc (6.7.0 → 6.8.1) · Repo · Changelog

Release Notes

6.8.1

What's Changed

🐛 Bug Fixes

• Added missing _sidebar_toggle.rhtml by @ishe-ua in #1211

New Contributors

• @ishe-ua made their first contribution in #1211

Full Changelog: v6.8.0...v6.8.1

6.8.0

What's Changed

✨ Enhancements

• Require space between hash/content in ATX heading by @skipkayhil in #1140
• Add new ruby parser that uses Prism by @tompng in #1144
• Add support for mobile screen sizes on Darkfish by @MatheusRich in #1025
• Modernize RDoc Darkfish template CSS by @st0012 in #1157
• Use pointer cursor for navigation toggle by @omegahm in #1175
• Add home page link to output message by @st0012 in #1165
• Improve method source toggling by @st0012 in #1176
• Make methods and attributes linkable by @st0012 in #1189
• Add support for meta tags by @vinistock in #1091
• Add scroll-margin-top on all :target elements by @omegahm in #1174
• Use scroll-margin-top on anchor targets by @st0012 in #1190
• feature: Render mixed-in methods and constants with --embed-mixins by @flavorjones in #842
• Red-based darkfish color scheme by @st0012 in #1191
• Use thicker fonts with high contrast to improve readability by @st0012 in #1197
• Display class ancestors in the sidebar by @alexisbernard in #1183
• Split list of class and instance methods in two by @alexisbernard in #1206

🐛 Bug Fixes

• Abort with error message if --dump argument invalid by @adam12 in #1104
• Fix darkfish responsiveness issue on screens between 1024px and ~1650px by @st0012 in #1148
• Fix sidebar scroll and footer display by @st0012 in #1152
• Fix sidebar scroll again and add missing footer back by @st0012 in #1154
• Make summary triangle appear in correct place when summary text overflows to next line by @paracycle in #1160
• Make darkfish more responsive and readable on mobile devices by @st0012 in #1162
• Only let browser search through source code until it's expanded by @Earlopain in #1181
• Fix ToRdoc#accept_table by @tompng in #1184
• Extract excerpt from RDoc::Markup::Document (raw pages) correctly by @st0012 in #1200

📚 Documentation

• [DOC] New file RI.md by @BurdetteLamar in #1100
• [DOC] Mods about markup formats by @BurdetteLamar in #1143
• [doc] Mention .document file in README by @okuramasafumi in #1153
• [DOC] Fix links by @BurdetteLamar in #1169
• Improve RDoc pages heading levels order by @antoinem in #1185
• Mention community-maintained themes by @st0012 in #1198

🛠 Other Changes

• Bump ruby/setup-ruby from 1.176.0 to 1.177.1 by @dependabot in #1112
• Bump ruby/setup-ruby from 1.177.1 to 1.179.0 by @dependabot in #1116
• Bump ruby/setup-ruby from 1.179.0 to 1.179.1 by @dependabot in #1120
• Bump ruby/setup-ruby from 1.179.1 to 1.180.0 by @dependabot in #1121
• Add ruby-core CI suite by @st0012 in #1115
• Bump ruby/setup-ruby from 1.152.0 to 1.180.1 by @dependabot in #1124
• Fix some typos by @ydah in #1129
• Bump ruby/setup-ruby from 1.180.1 to 1.183.0 by @dependabot in #1131
• Group code object files into the same directory by @st0012 in #1114
• chore(bin): Add bin/console for better DX by @okuramasafumi in #1132
• Drop reimplementation of Ripper lex state by @nevans in #1118
• Bump ruby/setup-ruby from 1.183.0 to 1.185.0 by @dependabot in #1136
• RDoc task should include top-level .md files too by @st0012 in #1134
• Bump ruby/setup-ruby from 1.185.0 to 1.187.0 by @dependabot in #1142
• Improve rubocop setup by @st0012 in #1139
• Drop unnecessary file_name parameter from Parser.for method. by @st0012 in #1135
• Follow up changes for Prism Ruby parser by @st0012 in #1145
• Fix flaky test: prevent regexp match to tempdir path by @tompng in #1147
• Use ascii chatacter in HTML file to fix ruby ci failure by @tompng in #1150
• Avoid potentially loading the same extension from different versions of the same gem by @deivid-rodriguez in #1155
• Align behaviour between bundle exec rdoc and rake rdoc by @st0012 in #1156
• Tunes up .document by @BurdetteLamar in #1161
• rake install command is failed by @mterada1228 in #1170
• Add more space after magnifying glass by @omegahm in #1173
• Fix ruby-core test suite by @st0012 in #1187
• Use normal font-weight for links by @sambostock in #1188
• Add release.yml by @st0012 in #1193
• Hack for Safari 18 by @nobu in #1195

New Contributors

• @st0012 made their first contribution in #1115
• @ydah made their first contribution in #1129
• @MatheusRich made their first contribution in #1025
• @paracycle made their first contribution in #1160
• @mterada1228 made their first contribution in #1170
• @omegahm made their first contribution in #1173
• @Earlopain made their first contribution in #1181
• @sambostock made their first contribution in #1188
• @antoinem made their first contribution in #1185
• @alexisbernard made their first contribution in #1183

Full Changelog: v6.7.0...v6.8.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionpack (indirect, 7.2.2 → 7.2.2.1) · Repo · Changelog

Security Advisories 🚨

🚨 Possible Content Security Policy bypass in Action Dispatch

There is a possible Cross Site Scripting (XSS) vulnerability in the content_security_policy helper in Action Pack.

Impact

Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.

Releases

The fixed releases are available at the normal locations.

Workarounds

Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

Credits

Thanks to ryotak for the report!

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionview (indirect, 7.2.2 → 7.2.2.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activejob (indirect, 7.2.2 → 7.2.2.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activesupport (indirect, 7.2.2 → 7.2.2.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ date (indirect, 3.4.0 → 3.4.1) · Repo

Release Notes

3.4.1

What's Changed

• Fix incorrect argc2 decrement in datetime_s_iso8601 function by @pelbyl in #105
• Trivial changes by @nobu in #107
• Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #109
• Bump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by @dependabot in #108
• [DOC] Empty the false document by @nobu in #110
• Suppress warnings by @nobu in #111

New Contributors

• @pelbyl made their first contribution in #105

Full Changelog: v3.4.0...v3.4.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ io-console (indirect, 0.7.2 → 0.8.0) · Repo

Release Notes

0.8.0

What's Changed

• Move omits by @nobu in #68
• Load the built extension library in noctty tests by @nobu in #69
• Show the correct exception when the stty backend cannot be required by @eregon in #70
• Skip building extension on WASI by @kateinoigakukun in #71
• Update gperf by @nobu in #73
• Declare as Ractor-safe by @nobu in #74
• Make IO.console Ractor-safe by @nobu in #75
• Support older versions of ruby by @nobu in #77
• Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #78
• Bump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by @dependabot in #79
• Read errno before calling rb_io_path() by @XrXr in #80
• Check if rb_syserr_fail_str is available by @nobu in #81
• Freeze the version string by @nobu in #82
• Add IO#ttyname that returns the tty name or nil by @nobu in #76

New Contributors

• @kateinoigakukun made their first contribution in #71
• @XrXr made their first contribution in #80

Full Changelog: v0.7.2...v0.8.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ logger (indirect, 1.6.1 → 1.6.2) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ minitest (indirect, 5.25.1 → 5.25.4) · Repo · Changelog

Release Notes

5.25.4 (from changelog)

• 1 bug fix:

  • Fix for must_verify definition if only requiring minitest/mock (but why?).

5.25.3 (from changelog)

• 5 bug fixes:

  • Fixed assert_mock to fail instead of raise on unmet mock expectations.

  • Fixed assert_mock to take an optional message argument.

  • Fixed formatting of unmet mock expectation messages.

  • Fixed missing must_verify expectation to match assert_mock.

  • minitest/pride: Fixed to use true colors with *-direct terminals (bk2204)

5.25.2 (from changelog)

• 4 bug fixes:

  • Include class name in spec name. (thomasmarshall)

  • Fixed ‘redefining object_id’ warning from ruby 3.4. (mattbrictson)

  • Minitest top-level namespace no longer includes entire contents of README.rdoc. Too much!

  • Refactored spec’s describe to more cleanly determine the superclass and name

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ psych (indirect, 5.2.0 → 5.2.1) · Repo · Changelog

Release Notes

5.2.1

What's Changed

• Eagerly require date by @tdeo in #695
• Bump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by @dependabot in #697
• Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #696

New Contributors

• @tdeo made their first contribution in #695

Full Changelog: v5.2.0...v5.2.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rackup (indirect, 2.2.0 → 2.2.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ reline (indirect, 0.5.11 → 0.5.12) · Repo

Release Notes

0.5.12

What's Changed

🐛 Bug Fixes

• Fix completion quote, preposing and target calculation bug by @tompng in #763
• Fix tab completion appending quote by @tompng in #782
• Fix io_gate.encoding raises IOError in ruby <= 3.0 by @tompng in #785

🛠 Other Changes

• Remove unused things from reline/unicode.rb by @tompng in #759
• Refactor perform_completon by @tompng in #778
• Remove terminfo.rb by @tompng in #769
• Removed redundant argument at Reline::LineEditor::CompletionBlockTest by @hsbt in #781
• Handle multibyte character input by KeyStroke by @tompng in #713
• fix/omit test that fail in encoding=US_ASCII by @tompng in #784
• Extract TruffleRuby workflow from reline.yml by @ima1zumi in #783
• Bump version to 0.5.12 by @ima1zumi in #786

Full Changelog: v0.5.11...v0.5.12

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ securerandom (indirect, 0.3.1 → 0.4.0) · Repo

Release Notes

0.4.0

What's Changed

• Bump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by @dependabot in #33
• Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #32
• Removed Random::Formatter by @hsbt in #34

Full Changelog: v0.3.2...v0.4.0

0.3.2

What's Changed

• Increase speed of UUID generation by @robotblake in #11
• Test RDoc coverage by @nobu in #25
• Build package by @nobu in #26
• Cleanup by @nobu in #27
• Update UUID documentation with RFC9562 links by @nevans in #30

New Contributors

• @robotblake made their first contribution in #11

Full Changelog: v0.3.1...v0.3.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ useragent (indirect, 0.16.10 → 0.16.11) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.26%. Comparing base (d68856c) to head (4486470).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #131   +/-   ##
=======================================
  Coverage   89.26%   89.26%           
=======================================
  Files           8        8           
  Lines         298      298           
  Branches      104      104           
=======================================
  Hits          266      266           
  Misses         32       32           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coveralls]

Pull Request Test Coverage Report for Build 12283600941

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 84.755%

---

Totals
Change from base Build 12283573263:	0.0%
Covered Lines:	247
Relevant Lines:	274

---

💛 - Coveralls

[pboling]

@depfu rebase