Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up🚨 [security] [ruby] Update all of rails: 5.2.4.1 → 5.2.4.2 (patch) #381
+38
−38
Conversation
This comment has been minimized.
This comment has been minimized.
codecov
bot
commented
Mar 19, 2020
•
Codecov Report
@@ Coverage Diff @@
## master #381 +/- ##
=======================================
Coverage 89.15% 89.15%
=======================================
Files 35 35
Lines 636 636
=======================================
Hits 567 567
Misses 69 69 Continue to review full report at Codecov.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
depfu bot commentedMar 19, 2020
Advisory: CVE-2020-5267
Disclosed: March 19, 2020
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Possible XSS vulnerability in ActionView
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Commits
See the full diff on Github. The new version differs by 17 commits:
Merge pull request #64 from banister/release-1-0-0
Release v1.0.0
Merge pull request #63 from banister/travis-removal
Test solely on CircleCI, remove Travis
Merge pull request #62 from banister/circleci
Test on CircleCI
Merge pull request #61 from jasonkarns/patch-1
More closely match MIT License text verbatim
Merge pull request #59 from casperisfine/fix-ruby-2.7
Test against Ruby 2.7 on CI
Handle new message for unterminated lists on MRI 2.7
Merge pull request #60 from casperisfine/fix-ci
Fix ruby warning in spec_helper
Add MRI 2.5 and 2.6
Fix CI build
Merge pull request #56 from nisusam/fix_documentation_link
Fix `documentation` link
Release Notes
1.10.9
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 5 commits:
version bump to v1.10.9
update CHANGELOG
Change return type to RubyArray
update CHANGELOG for #1985
Work around a bug in libxml2
Commits
See the full diff on Github. The new version differs by 2 commits:
update version
Fix possible XSS vector in JS escape helper
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands