kripananda-yadav
Contributor

No description provided.

dependabot bot and others added 12 commits January 17, 2023 00:36
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.9.0 to 2.19.1.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](flavorjones/loofah@v2.9.0...v2.19.1)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.2 to 1.4.4.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](rails/rails-html-sanitizer@v1.4.2...v1.4.4)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [httparty](https://github.com/jnunemaker/httparty) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/jnunemaker/httparty/releases)
- [Changelog](https://github.com/jnunemaker/httparty/blob/master/Changelog.md)
- [Commits](jnunemaker/httparty@v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: httparty
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [sinatra](https://github.com/sinatra/sinatra) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/sinatra/sinatra/releases)
- [Changelog](https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md)
- [Commits](sinatra/sinatra@v2.2.0...v2.2.3)

---
updated-dependencies:
- dependency-name: sinatra
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [rack](https://github.com/rack/rack) from 2.2.3.1 to 2.2.6.2.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@2.2.3.1...v2.2.6.2)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [globalid](https://github.com/rails/globalid) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/rails/globalid/releases)
- [Commits](rails/globalid@v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: globalid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

…one/violet_rails into RubyDependencyUpgrade2023Jan
…e/violet_rails into RubyDependencyUpgrade2023Jan
…rone/violet_rails into RubyDependencyUpgrade2023Jan
…b.com:restarone/violet_rails into RubyDependencyUpgrade2023Jan
@github-actions

Deployed review-app can be viewed at https://review-1382.violet-test.net

@kripananda-yadav
Contributor Author

@donrestarone Brakeman indicates that the loofah gem 2.19.1 is vulnerable.

@kripananda-yadav added the "Pending UAT on Testnet ⚠️ currently on violet-test.net and being tested" label Jan 28, 2023
@kripananda-yadav added the "Passing UAT on Testnet ✅" label and removed the "Pending UAT on Testnet ⚠️ currently on violet-test.net and being tested" label Jan 31, 2023
@donrestarone
Contributor

blocked by: #1393

@github-actions
github-actions bot commented Feb 5, 2023

Deployed review-app can be viewed at https://review-1382.violet-test.net

@alis-khadka
Collaborator

@kripananda-yadav The review-app has been deployed. You can move on with further testing.

@donrestarone
Contributor

@alis-khadka could you please fix merge conflicts here?

CC @kripananda-yadav after that we would need another UAT pass to verify the changes
