This repository has been archived by the owner on Apr 30, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump activesupport from 6.1.6.1 to 6.1.7.1 in /sdk/react-native (#24422)
Bumps [activesupport](https://github.com/rails/rails) from 6.1.6.1 to 6.1.7.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/releases">activesupport's releases</a>.</em></p> <blockquote> <h2>v6.1.7.1</h2> <h2>Active Support</h2> <ul> <li> <p>Avoid regex backtracking in Inflector.underscore</p> <p>[CVE-2023-22796]</p> </li> </ul> <h2>Active Model</h2> <ul> <li>No changes.</li> </ul> <h2>Active Record</h2> <ul> <li> <p>Make sanitize_as_sql_comment more strict</p> <p>Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.</p> <p>This commit makes the sanitization more robust by replacing any occurrances of "/<em>" or "</em>/" with "/ <em>" or "</em> /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.</p> <p>This also clarifies in the documentation of annotate that it should not be provided user input.</p> <p>[CVE-2023-22794]</p> </li> <li> <p>Added integer width check to PostgreSQL::Quoting</p> <p>Given a value outside the range for a 64bit signed integer type PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan.</p> <p>This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.</p> <p>[CVE-2022-44566]</p> </li> </ul> <h2>Action View</h2> <ul> <li>No changes.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rails/rails/commit/c443466a99f8ed951605fb4993a01de5e41349a4"><code>c443466</code></a> Version 6.1.7.1</li> <li><a href="https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef"><code>a7cda7e</code></a> Avoid regex backtracking in Inflector.underscore</li> <li><a href="https://github.com/rails/rails/commit/9ab33753b6bab1809fc73d35b98a5c1d0c96ba1b"><code>9ab3375</code></a> Version 6.1.7</li> <li><a href="https://github.com/rails/rails/commit/ad24aa5b68db8d9dd9323d472f2d0c157c08c510"><code>ad24aa5</code></a> add test for keyword arguments in ActiveSupport::CurrentAttributes.method_mis...</li> <li><a href="https://github.com/rails/rails/commit/11e0b892d3c88ffe7f9b6bae7bd6f2ae9ce06966"><code>11e0b89</code></a> fix ActiveSupport::CurrentAttributes.method_missing for Ruby 3</li> <li><a href="https://github.com/rails/rails/commit/f05ac78bfc9d172abaa86a9da139c7933e4e79c5"><code>f05ac78</code></a> Merge branch '6-1-sec' into 6-1-stable</li> <li><a href="https://github.com/rails/rails/commit/d42b549de66988eecfca36e5581885e82d1b6d87"><code>d42b549</code></a> Preparing for 6.1.6 release</li> <li>See full diff in <a href="https://github.com/rails/rails/compare/v6.1.6.1...v6.1.7.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nabla/health/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
837e2ab
commit 644c75d