Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): bump activesupport from 6.1.4.4 to 7.0.4.3 in /FabricExa…
…mple (#1740) Bumps [activesupport](https://github.com/rails/rails) from 6.1.4.4 to 7.0.4.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/releases">activesupport's releases</a>.</em></p> <blockquote> <h2>v7.0.4.3</h2> <h2>Active Support</h2> <ul> <li> <p>Implement SafeBuffer#bytesplice</p> <p>[CVE-2023-28120]</p> </li> </ul> <h2>Active Model</h2> <ul> <li>No changes.</li> </ul> <h2>Active Record</h2> <ul> <li>No changes.</li> </ul> <h2>Action View</h2> <ul> <li> <p>Ignore certain data-* attributes in rails-ujs when element is contenteditable</p> <p>[CVE-2023-23913]</p> </li> </ul> <h2>Action Pack</h2> <ul> <li>No changes.</li> </ul> <h2>Active Job</h2> <ul> <li>No changes.</li> </ul> <h2>Action Mailer</h2> <ul> <li>No changes.</li> </ul> <h2>Action Cable</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/blob/v7.0.4.3/activesupport/CHANGELOG.md">activesupport's changelog</a>.</em></p> <blockquote> <h2>Rails 7.0.4.3 (March 13, 2023)</h2> <ul> <li> <p>Implement SafeBuffer#bytesplice</p> <p>[CVE-2023-28120]</p> </li> </ul> <h2>Rails 7.0.4.2 (January 24, 2023)</h2> <ul> <li>No changes.</li> </ul> <h2>Rails 7.0.4.1 (January 17, 2023)</h2> <ul> <li> <p>Avoid regex backtracking in Inflector.underscore</p> <p>[CVE-2023-22796]</p> </li> </ul> <h2>Rails 7.0.4 (September 09, 2022)</h2> <ul> <li> <p>Redis cache store is now compatible with redis-rb 5.0.</p> <p><em>Jean Boussier</em></p> </li> <li> <p>Fix <code>NoMethodError</code> on custom <code>ActiveSupport::Deprecation</code> behavior.</p> <p><code>ActiveSupport::Deprecation.behavior=</code> was supposed to accept any object that responds to <code>call</code>, but in fact its internal implementation assumed that this object could respond to <code>arity</code>, so it was restricted to only <code>Proc</code> objects.</p> <p>This change removes this <code>arity</code> restriction of custom behaviors.</p> <p><em>Ryo Nakamura</em></p> </li> </ul> <h2>Rails 7.0.3.1 (July 12, 2022)</h2> <ul> <li>No changes.</li> </ul> <h2>Rails 7.0.3 (May 09, 2022)</h2> <ul> <li>No changes.</li> </ul> <h2>Rails 7.0.2.4 (April 26, 2022)</h2> <ul> <li>Fix and add protections for XSS in <code>ActionView::Helpers</code> and <code>ERB::Util</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rails/rails/commit/c15ee6e7b5065db3c46afa1f025b8e45f443604e"><code>c15ee6e</code></a> Preparing for 7.0.4.3 release</li> <li><a href="https://github.com/rails/rails/commit/3468503513c8f87a6ea1bd709a5c114cc2eb332a"><code>3468503</code></a> Implement SafeBuffer#bytesplice</li> <li><a href="https://github.com/rails/rails/commit/7c70791470fc517deb7c640bead9f1b47efb5539"><code>7c70791</code></a> Version 7.0.4.2</li> <li><a href="https://github.com/rails/rails/commit/23e0345fe900dfd7edd6e8e5a7a6bd54b2a7d2ed"><code>23e0345</code></a> Version 7.0.4.1</li> <li><a href="https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8"><code>2164d4f</code></a> Avoid regex backtracking in Inflector.underscore</li> <li><a href="https://github.com/rails/rails/commit/8015c2c2cf5c8718449677570f372ceb01318a32"><code>8015c2c</code></a> Version 7.0.4</li> <li><a href="https://github.com/rails/rails/commit/ff277583e22ddfbcfbd2131789a7cb7c2f868d68"><code>ff27758</code></a> Revert "Merge pull request <a href="https://github.com/rails/rails/issues/44695">#44695</a> from Edouard-chin/ec-tagger-logger-broadcast"</li> <li><a href="https://github.com/rails/rails/commit/4a1f22474bde75f74093547223937f4b6516b077"><code>4a1f224</code></a> Merge pull request <a href="https://github.com/rails/rails/issues/45882">#45882</a> from rails/short-inspect-on-test-case</li> <li><a href="https://github.com/rails/rails/commit/a3bd3b5ec6448db4f7f30771a2b1aa519b6c21e9"><code>a3bd3b5</code></a> Backport Redis 5.0 compatibility</li> <li><a href="https://github.com/rails/rails/commit/67f37acc3a8660e15448b7f764fdb12eaba6fec2"><code>67f37ac</code></a> Fix flaky tests for RedisCacheStore</li> <li>Additional commits viewable in <a href="https://github.com/rails/rails/compare/v6.1.4.4...v7.0.4.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=activesupport&package-manager=bundler&previous-version=6.1.4.4&new-version=7.0.4.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/software-mansion/react-native-screens/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information