Releases: ualbertalib/library-cms
2.2.2
What's Changed
- Bump rubocop from 1.75.8 to 1.80.2 by @dependabot[bot] in #852
- Bump rubocop-rails from 2.33.3 to 2.33.4 by @dependabot[bot] in #865
- Bump selenium-webdriver from 4.35.0 to 4.36.0 by @dependabot[bot] in #866
- Bump rdoc from 6.14.2 to 6.15.0 by @dependabot[bot] in #867
- Bump selenium-webdriver from 4.36.0 to 4.38.0 by @dependabot[bot] in #874
- Rack v3.1.18 to address CVE-2025-61780 & CVE-2025-61919 by @jefferya in #876
Security
- CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
- CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
Full Changelog: 2.2.1...2.2.2
2.2.1
What's Changed
- Bump rack from 3.2.0 to 3.2.2 by @dependabot[bot] in #868
Security
- CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
- CVE-2025-61771 Multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)
- CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)
Full Changelog: 2.2.0...2.2.1
2.2.0
What's Changed
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #832
- Bump nokogiri from 1.18.8 to 1.18.9 by @dependabot[bot] in #824
- Bump thor from 1.3.2 to 1.4.0 by @dependabot[bot] in #825
- Bump brace-expansion from 1.1.11 to 1.1.12 by @dependabot[bot] in #833
- Bump esbuild from 0.25.5 to 0.25.9 by @dependabot[bot] in #836
- Bump sass from 1.89.1 to 1.90.0 by @dependabot[bot] in #827
- Bump bootstrap from 5.3.6 to 5.3.7 by @dependabot[bot] in #816
- Bump postcss from 8.5.4 to 8.5.6 by @dependabot[bot] in #815
- Bump rubocop-rails from 2.32.0 to 2.33.1 by @dependabot[bot] in #831
- Bump rdoc from 6.14.0 to 6.14.2 by @dependabot[bot] in #821
- Bump selenium-webdriver from 4.33.0 to 4.35.0 by @dependabot[bot] in #834
- Bump jbuilder from 2.13.0 to 2.14.1 by @dependabot[bot] in #835
- Bump puma from 6.6.0 to 6.6.1 by @dependabot[bot] in #826
- Bump spring from 4.3.0 to 4.4.0 by @dependabot[bot] in #828
- Bump rails from 7.1.5.1 to 7.1.5.2 by @dependabot[bot] in #837
- Bump sass from 1.90.0 to 1.91.0 by @dependabot[bot] in #841
- Bump rubocop-minitest from 0.38.1 to 0.38.2 by @dependabot[bot] in #843
- Bump bootstrap from 5.3.7 to 5.3.8 by @dependabot[bot] in #842
- Bump actions/setup-node from 4 to 5 by @dependabot[bot] in #847
- Bump rexml from 3.4.1 to 3.4.2 by @dependabot[bot] in #855
- Add Config Gem as a replacement for deprecated secrets.yml by @jefferya in #845
Full Changelog: 2.1.2...2.2.0
2.1.2
What's Changed
- Bump puma from 6.5.0 to 6.6.0 by @dependabot in #725
- Bump net-imap from 0.4.12 to 0.4.19 by @dependabot in #731
- Bump rack from 3.1.8 to 3.1.10 by @dependabot in #736
- Bump esbuild from 0.24.2 to 0.25.0 by @dependabot in #729
- Bump nokogiri from 1.16.8 to 1.18.3 by @dependabot in #740
- Bump selenium-webdriver from 4.27.0 to 4.28.0 by @dependabot in #723
- Bump rubocop-rails from 2.28.0 to 2.29.1 by @dependabot in #724
- Bump rdoc from 6.10.0 to 6.12.0 by @dependabot in #728
- Bump rollbar from 3.6.0 to 3.6.1 by @dependabot in #730
- Bump rubocop-minitest from 0.36.0 to 0.37.0 by @dependabot in #739
- Bump postcss from 8.5.1 to 8.5.3 by @dependabot in #741
- Bump image_processing from 1.13.0 to 1.14.0 by @dependabot in #733
- Bump rubocop from 1.70.0 to 1.71.2 by @dependabot in #734
- Bump standard from 1.44.0 to 1.45.0 by @dependabot in #735
- Bump sass from 1.83.4 to 1.85.0 by @dependabot in #738
- Bump nokogiri from 1.18.3 to 1.18.8 by @dependabot in #780
- Bump rack from 3.1.10 to 3.1.12 by @dependabot in #753
- Bump net-imap from 0.4.19 to 0.4.20 by @dependabot in #786
- Bump Ruby 3.3 and add Passenger to Gemfile by @pgwillia in #781
- Bump rack from 3.1.12 to 3.1.14 by @dependabot in #793
- Bump rack-session from 2.0.0 to 2.1.1 by @dependabot in #792
- Bump selenium-webdriver from 4.28.0 to 4.32.0 by @dependabot in #787
- Bump standard from 1.45.0 to 1.50.0 by @dependabot in #796
- Bump rubocop-rails from 2.29.1 to 2.32.0 by @dependabot in #799
- Bump rubocop-minitest from 0.37.0 to 0.38.1 by @dependabot in #805
- Bump turbo-rails from 2.0.11 to 2.0.16 by @dependabot in #808
- Bump @hotwired/turbo-rails from 8.0.12 to 8.0.16 by @dependabot in #807
- Bump sass from 1.85.0 to 1.89.1 by @dependabot in #806
- Bump postcss from 8.5.3 to 8.5.4 by @dependabot in #804
- Bump esbuild from 0.25.0 to 0.25.5 by @dependabot in #801
- Bump bootstrap-icons from 1.11.3 to 1.13.1 by @dependabot in #795
- Bump bootstrap from 5.3.3 to 5.3.6 by @dependabot in #789
- Bump nodemon from 3.1.9 to 3.1.10 by @dependabot in #783
- Bump autoprefixer from 10.4.20 to 10.4.21 by @dependabot in #752
- Bump postcss-cli from 11.0.0 to 11.0.1 by @dependabot in #762
- Bump bootsnap from 1.18.4 to 1.18.6 by @dependabot in #809
- Bump rdoc from 6.13.1 to 6.14.0 by @dependabot in #810
- Bump rack from 3.1.15 to 3.1.16 by @dependabot in #812
Full Changelog: 2.0.2...2.1.2
2.1.1 - for ruby 3.3 with passenger
What's Changed
- Bump puma from 6.5.0 to 6.6.0 by @dependabot in #725
- Bump net-imap from 0.4.12 to 0.4.19 by @dependabot in #731
- Bump rack from 3.1.8 to 3.1.10 by @dependabot in #736
- Bump esbuild from 0.24.2 to 0.25.0 by @dependabot in #729
- Bump nokogiri from 1.16.8 to 1.18.3 by @dependabot in #740
- Bump selenium-webdriver from 4.27.0 to 4.28.0 by @dependabot in #723
- Bump rubocop-rails from 2.28.0 to 2.29.1 by @dependabot in #724
- Bump rdoc from 6.10.0 to 6.12.0 by @dependabot in #728
- Bump rollbar from 3.6.0 to 3.6.1 by @dependabot in #730
- Bump rubocop-minitest from 0.36.0 to 0.37.0 by @dependabot in #739
- Bump postcss from 8.5.1 to 8.5.3 by @dependabot in #741
- Bump image_processing from 1.13.0 to 1.14.0 by @dependabot in #733
- Bump rubocop from 1.70.0 to 1.71.2 by @dependabot in #734
- Bump standard from 1.44.0 to 1.45.0 by @dependabot in #735
- Bump sass from 1.83.4 to 1.85.0 by @dependabot in #738
- Bump ruby 3.3 and add passenger to Gemfile by @pgwillia in #781
2.1.0 - for ruby 3.3
What's Changed
- Bump puma from 6.5.0 to 6.6.0 by @dependabot in #725
- Bump net-imap from 0.4.12 to 0.4.19 by @dependabot in #731
- Bump rack from 3.1.8 to 3.1.10 by @dependabot in #736
- Bump esbuild from 0.24.2 to 0.25.0 by @dependabot in #729
- Bump nokogiri from 1.16.8 to 1.18.3 by @dependabot in #740
- Bump selenium-webdriver from 4.27.0 to 4.28.0 by @dependabot in #723
- Bump rubocop-rails from 2.28.0 to 2.29.1 by @dependabot in #724
- Bump rdoc from 6.10.0 to 6.12.0 by @dependabot in #728
- Bump rollbar from 3.6.0 to 3.6.1 by @dependabot in #730
- Bump rubocop-minitest from 0.36.0 to 0.37.0 by @dependabot in #739
- Bump postcss from 8.5.1 to 8.5.3 by @dependabot in #741
- Bump image_processing from 1.13.0 to 1.14.0 by @dependabot in #733
- Bump rubocop from 1.70.0 to 1.71.2 by @dependabot in #734
- Bump standard from 1.44.0 to 1.45.0 by @dependabot in #735
- Bump sass from 1.83.4 to 1.85.0 by @dependabot in #738
Full Changelog: 2.0.2...2.1.0
Maintenance
What's Changed
- Bump rails-html-sanitizer from 1.6.0 to 1.6.1 by @dependabot in #698
- Bump nanoid from 3.3.7 to 3.3.8 by @dependabot in #709
- Bump rubocop-rails from 2.27.0 to 2.28.0 by @dependabot in #713
- Bump rubocop-performance from 1.22.1 to 1.23.1 by @dependabot in #714
- Bump esbuild from 0.23.1 to 0.24.2 by @dependabot in #712
- Bump rubocop from 1.66.1 to 1.70.0 by @dependabot in #719
- Bump rdoc from 6.7.0 to 6.10.0 by @dependabot in #711
- Bump selenium-webdriver from 4.25.0 to 4.27.0 by @dependabot in #697
- Bump puma from 6.4.3 to 6.5.0 by @dependabot in #696
- Bump nodemon from 3.1.7 to 3.1.9 by @dependabot in #707
- Bump sass from 1.80.4 to 1.83.4 by @dependabot in #720
- Bump postcss from 8.4.47 to 8.5.1 by @dependabot in #718
Full Changelog: 2.0.1...2.0.2
2.0.1
What's Changed
- Bump sprockets-rails from 3.4.2 to 3.5.2 by @dependabot in #620
- Bump cssbundling-rails from 1.4.0 to 1.4.1 by @dependabot in #621
- Bump jsbundling-rails from 1.3.0 to 1.3.1 by @dependabot in #622
- Bump rubocop from 1.64.1 to 1.65.1 by @dependabot in #623
- Bump standard from 1.39.2 to 1.40.0 by @dependabot in #624
- Bump stimulus-rails from 1.3.3 to 1.3.4 by @dependabot in #628
- Bump esbuild from 0.23.0 to 0.23.1 by @dependabot in #629
- Bump rexml from 3.3.5 to 3.3.6 by @dependabot in #631
- Bump micromatch from 4.0.7 to 4.0.8 by @dependabot in #633
- Bump rubocop-rails from 2.25.1 to 2.26.0 by @dependabot in #634
- Bump selenium-webdriver from 4.23.0 to 4.24.0 by @dependabot in #635
- bring in and enforce inclusive language cops by @ConnorSheremeta in #630
- Bump puma from 6.4.2 to 6.4.3 by @dependabot in #653
- Bump webrick from 1.8.1 to 1.8.2 by @dependabot in #667
- Bump actiontext from 7.1.3.4 to 7.1.4.1 by @dependabot in #668
- Bump rexml from 3.3.6 to 3.3.9 by @dependabot in #681
- Bump standard from 1.40.0 to 1.41.1 by @dependabot in #675
- Bump sass from 1.77.8 to 1.80.4 by @dependabot in #678
- Bump rollbar from 3.5.2 to 3.6.0 by @dependabot in #638
- Bump selenium-webdriver from 4.24.0 to 4.25.0 by @dependabot in #658
- Bump turbo-rails from 2.0.6 to 2.0.11 by @dependabot in #672
- Bump @hotwired/turbo-rails from 8.0.5 to 8.0.12 by @dependabot in #670
- Bump nodemon from 3.1.4 to 3.1.7 by @dependabot in #661
- Bump uglifier from 4.2.0 to 4.2.1 by @dependabot in #659
- Bump jbuilder from 2.12.0 to 2.13.0 by @dependabot in #648
- Bump postcss from 8.4.41 to 8.4.47 by @dependabot in #646
- Bump rubocop-minitest from 0.35.1 to 0.36.0 by @dependabot in #639
- Bump rubocop-rails from 2.26.0 to 2.27.0 by @dependabot in #680
Full Changelog: 2.0.0...2.0.1
Bumping release version
Merge pull request #617 from ualbertalib/webpacker-removal Remove webpacker and cleanup unused CSS/JS
Webpacker clean-up, fixing error pages
Merge pull request #617 from ualbertalib/webpacker-removal Remove webpacker and cleanup unused CSS/JS