Bump sinatra, rails, puma_worker_killer, sprockets, prawn, sentry-raven, derailed_benchmarks, dotenv-rails and rubocop-performance #5

Open: wants to merge 1 commit into base: main

Conversation

@dependabot dependabot bot commented on behalf of github Nov 18, 2024

Bumps sinatra, rails, puma_worker_killer, sprockets, prawn, sentry-raven, derailed_benchmarks, dotenv-rails and rubocop-performance. These dependencies needed to be updated together.
Updates sinatra from 3.1.0 to 4.1.0

Changelog

Sourced from sinatra's changelog.

4.1.0 / 2024-11-18

  • New: Add host_authorization setting (#2053)
    • Defaults to .localhost, .test and any IP address in development mode.
    • Security: addresses CVE-2024-21510.
  • Fix: Return an instance of Sinatra::IndifferentHash when calling #except (#2044)
  • Fix: Address warning from URI for Ruby 3.4 (#2060)
  • Fix: rackup no longer depends on WEBrick, recommend Puma instead (4a558503)
  • Fix: Zeitwerk 2.7.0+ compatibility (#2050)
  • Fix: Address warning about Hash construction for Ruby 3.4 (#2028)
  • Fix: Declare missing dependencies for Ruby 3.5 (#2032)
  • Fix: Compatibility with --enable-frozen-string-literal (#2033)
  • Fix: Rack 3.1 compatibility (#2035)
    • Don't depend on Rack::Logger
    • Don't delete content-length header when Rack::Files is used

4.0.0 / 2024-01-19

  • New: Add support for Rack 3 (#1857)

    • Note: you may want to read the [Rack 3 Upgrade Guide]
  • Require Ruby 2.7.8 as minimum Ruby version (#1993)

  • Breaking change: Drop support for Rack 2 (#1857)

    • Note: when using Sinatra to start the web server, you now need the rackup gem installed
  • Breaking change: Remove the IndifferentHash initializer (#1982)

  • Breaking change: Disable session_hijacking protection by default (#1984)

  • Breaking change: Remove Rack::Protection::EncryptedCookie (#1989)

    • Note: cookies are still encrypted (by [Rack::Session::Cookie])

#1857: sinatra/sinatra#1857
#1993: sinatra/sinatra#1993
#1982: sinatra/sinatra#1982
#1984: sinatra/sinatra#1984
#1989: sinatra/sinatra#1989
[Rack::Session::Cookie]: https://github.com/rack/rack-session
[Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

3.2.0 / 2023-12-29

  • New: Add #except method to Sinatra::IndifferentHash (#1940)

  • New: Use Exception#detailed_message to show backtrace (#1952)

  • New: Add Sinatra::HamlHelpers to sinatra-contrib (#1960)

  • Fix: Add base64 to rack-protection runtime dependencies (#1946)

... (truncated)

Updates rails from 7.0.8 to 8.0.0

Release notes

Sourced from rails's releases.

8.0.0

Active Support

  • Remove deprecated support to passing an array of strings to ActiveSupport::Deprecation#warn.

    Rafael Mendonça França

  • Remove deprecated support to setting attr_internal_naming_format with a @ prefix.

    Rafael Mendonça França

  • Remove deprecated ActiveSupport::ProxyObject.

    Rafael Mendonça França

  • Don't execute i18n watcher on boot. It shouldn't catch any file changes initially, and unnecessarily slows down boot of applications with lots of translations.

    Gannon McGibbon, David Stosik

  • Fix ActiveSupport::HashWithIndifferentAccess#stringify_keys to stringify all keys not just symbols.

    Previously:

    { 1 => 2 }.with_indifferent_access.stringify_keys[1] # => 2

    After this change:

    { 1 => 2 }.with_indifferent_access.stringify_keys["1"] # => 2

    This change can be seen as a bug fix, but since it behaved like this for a very long time, we're deciding to not backport the fix and to make the change in a major release.

    Jean Boussier

  • Include options when instrumenting ActiveSupport::Cache::Store#delete and ActiveSupport::Cache::Store#delete_multi.

    Adam Renberg Tamm

  • Print test names when running rails test -v for parallel tests.

    John Hawthorn, Abeid Ahmed

  • Deprecate Benchmark.ms core extension.

    The benchmark gem will become bundled in Ruby 3.5

... (truncated)

Commits
  • dd8f718 Preparing for 8.0.0 release
  • f88e6ae Merge pull request #53550 from tysongach/devcontainer-links
  • 43425c8 Bump deprecation message to 8.1
  • 38bf52d Add yarn.lock to allowed dirty files
  • 3de9afc Merge pull request #53546 from matthewd/dst_deprecation_fix
  • ebcb66e Merge pull request #53542 from Uaitt/remove-redundant-period-in-security-guides
  • 4f042a8 Merge pull request #53520 from Earlopain/fix-backtrace-env-gem-paths
  • 74608e5 Merge pull request #53533 from Earlopain/no-docs-for-rackup
  • 8ee2d3e Merge pull request #53504 from SleeplessByte/fix/anchor-scroll-mobile
  • 473f2b2 Merge pull request #53515 from k-tsuchiya-jp/fix-53467
  • Additional commits viewable in compare view

Updates puma_worker_killer from 0.3.1 to 1.0.0

Updates sprockets from 4.1.1 to 4.2.1

Release notes

Sourced from sprockets's releases.

4.2.1

Full Changelog: rails/sprockets@v4.2.0...v4.2.1

4.2.0

Full Changelog: rails/sprockets@v4.1.1...v4.2.0

Changelog

Sourced from sprockets's changelog.

4.2.1

  • Fix for precompile issues when multiple extensions map to the same MIME type (e.g. .jpeg / .jpg). #781
  • Fix application/css-sourcemap+json charset #764
  • Fix compatibility with Rack 2 applications. #790

4.2.0

  • Rack 3 compatibility. #758
  • Fix thread safety of Sprockets::CachedEnvironment and Sprockets::Cache::MemoryStore. #771
  • Add support for Rack 3.0. Headers set by sprockets will now be lower case. #758
  • Make Sprockets::Utils.module_include thread safe on JRuby. #759
  • Fix typo in asset.rb file. #768

Commits
  • 5b040f3 Prepare for 4.2.1
  • 0a5879d Remove check CHANGELOG action
  • 8ee21cf Use Ruby LSP instead of rebornix.Ruby
  • 5d26375 Merge pull request #764 from chadlwilson/fix-css-sourcemap-default-charset
  • 572235a Merge branch 'main' into fix-css-sourcemap-default-charset
  • 42f7d5e Merge pull request #790 from skipkayhil/hm-fix-rails-7-compat
  • d0de178 Merge pull request #768 from jpbalarini/patch-1
  • 5d795a7 Fix header casing compatibility with Rails 7
  • 6554b6d Merge pull request #791 from skipkayhil/hm-fix-minitest-casing
  • 4be779f Fix Minitest constant name in tests
  • Additional commits viewable in compare view

Updates prawn from 2.4.0 to 2.5.0

Changelog

Sourced from prawn's changelog.

PrawnPDF 2.5.0

Full font embedding

Fonts can be embedded in their original form without subsetting or any other modification.

(Alexander Mankuta, #1322)

Fixed keyword arguments in Prawn::View

(Kim Burgestrand, 1284)

Look for glyph in correct font

Take the font style into account when looking for a glyph and fallback fonts are enabled.

(Dan Allen, #1147)

Fixed font caching

It's a subtle bug that could result in use of incorrect fonts.

(maerch, #924, Alexander Mankuta)

Fixed line spacing in text boxes with indentation

(Jakub Stasiak, #1079)

Updates sentry-raven from 2.13.0 to 3.1.2

Updates derailed_benchmarks from 2.1.1 to 2.2.1

Updates dotenv-rails from 2.8.1 to 3.1.4

Release notes

Sourced from dotenv-rails's releases.

3.1.4

Full Changelog: bkeepers/dotenv@v3.1.3...v3.1.4

3.1.3

Full Changelog: bkeepers/dotenv@v3.1.2...v3.1.3

3.1.2

Full Changelog: bkeepers/dotenv@v3.1.1...v3.1.2

3.1.1

Full Changelog: bkeepers/dotenv@v3.1.0...v3.1.1

3.1.0

... (truncated)

Updates rubocop-performance from 1.19.1 to 1.22.1

Release notes

Sourced from rubocop-performance's releases.

RuboCop Performance 1.22.1

Bug fixes

  • #468: Fix false positives for Performance/BigDecimalWithNumericArgument when using float argument for BigDecimal. (@koic)

RuboCop Performance 1.22.0

Bug fixes

  • #454: Fix false positives for Performance/BigDecimalWithNumericArgument when using BigDecimal 3.1+. (@koic)

RuboCop Performance 1.21.1

Bug fixes

  • #452: Fix an error for Performance/RedundantEqualityComparisonBlock when the block is empty. (@earlopain)

RuboCop Performance 1.21.0

New features

  • #446: Support Prism as a Ruby parser (experimental). (@koic)

Bug fixes

  • #437: Fix a false positive for Performance/ChainArrayAllocation when using select with block argument after select. (@koic)
  • #448: Fix a false positive for Performance/RedundantBlockCall when using block.call with block argument. (@koic)

RuboCop Performance 1.20.2

Bug fixes

  • #425: Fix a false positive for Performance/StringIdentifierArgument when using string interpolation with methods that don't support symbols with :: inside them. (@earlopain)

... (truncated)

Changelog

Sourced from rubocop-performance's changelog.

1.22.1 (2024-09-17)

Bug fixes

  • #468: Fix false positives for Performance/BigDecimalWithNumericArgument when using float argument for BigDecimal. (@koic)

1.22.0 (2024-09-16)

Bug fixes

  • #454: Fix false positives for Performance/BigDecimalWithNumericArgument when using BigDecimal 3.1+. (@koic)

Changes

  • #385: Disable Performance/BlockGivenWithExplicitBlock by default. (@earlopain)
  • #407: Make Performance/DoubleStartEndWith aware of safe navigation. (@earlopain)

1.21.1 (2024-06-16)

Bug fixes

  • #452: Fix an error for Performance/RedundantEqualityComparisonBlock when the block is empty. (@earlopain)

1.21.0 (2024-03-30)

New features

  • #446: Support Prism as a Ruby parser (experimental). (@koic)

Bug fixes

  • #437: Fix a false positive for Performance/ChainArrayAllocation when using select with block argument after select. (@koic)
  • #448: Fix a false positive for Performance/RedundantBlockCall when using block.call with block argument. (@koic)

1.20.2 (2024-01-08)

Bug fixes

  • #425: Fix a false positive for Performance/StringIdentifierArgument when using string interpolation with methods that don't support symbols with :: inside them. (@earlopain)

1.20.1 (2023-12-25)

Bug fixes

  • #428: Fix false negatives for Performance/StringIdentifierArgument when using multiple string arguments. (@koic)

... (truncated)

Commits
  • 69c5abc Cut 1.22.1
  • 3188974 Update Changelog
  • 100cdfe Merge pull request #469 from koic/fix_false_positives_for_performance_big_dec...
  • 6bb06b2 [Fix #468] Fix false positives for Performance/BigDecimalWithNumericArgument
  • f74a890 Switch back docs version to master
  • bf5f64f Cut 1.22.0
  • d26b441 Update Changelog
  • 7233005 Merge pull request #465 from Earlopain/start-end-safe-navigation
  • 767f2c9 [Fix #407] Make Performance/DoubleStartEndWith aware of safe navigation
  • f28d18d Merge pull request #466 from Earlopain/block-given-disable
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by Sourcery

Update multiple dependencies including Sinatra, Rails, Puma Worker Killer, Sprockets, Prawn, Sentry-Raven, Derailed Benchmarks, Dotenv-Rails, and Rubocop-Performance to their latest versions, addressing security vulnerabilities, improving compatibility, and enhancing performance.

Build:

  • Update Sinatra from 3.1.0 to 4.1.0, addressing several security and compatibility issues, including CVE-2024-21510.
  • Upgrade Rails from 7.0.8 to 8.0.0, removing deprecated features and improving performance.
  • Bump Puma Worker Killer from 0.3.1 to 1.0.0, adding bigdecimal as a dependency and dropping support for Ruby versions prior to 3.1.
  • Update Sprockets from 4.1.1 to 4.2.1, fixing precompile issues and improving compatibility with Rack 3.
  • Upgrade Prawn from 2.4.0 to 2.5.0, introducing full font embedding and fixing several bugs.
  • Update Sentry-Raven from 2.13.0 to 3.1.2, refining the readme and fixing configuration issues.
  • Upgrade Derailed Benchmarks from 2.1.1 to 2.2.1, adding support for new environment variables and Rails versions.
  • Update Dotenv-Rails from 2.8.1 to 3.1.4, fixing errors related to Spring and improving documentation.
  • Upgrade Rubocop-Performance from 1.19.1 to 1.22.1, fixing false positives and improving performance checks.
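The host_authorization setting that the Sinatra 4.1.0 changelog lists above (the CVE-2024-21510 fix) is only enabled by default in development, where it permits .localhost, .test and IP-address literals; in production the application has to declare its own permitted hosts. The following is an added example, not code from this PR or from the Sinatra project: a plain-Ruby Rack-style middleware that performs the same Host-header allowlisting, so the rule semantics (exact hostname, leading-dot pattern covering subdomains, optional acceptance of IP literals, port stripping) can be run and checked offline without the sinatra or rack gems. The HostAllowlist class, the status_for helper and every hostname in it are constructed for this example. The Sinatra setting itself is, to my understanding of the project's README, `set :host_authorization, { permitted_hosts: ["example.com", ".example.com"] }`; treat that as an assumption and confirm it against the README of the version you install.

```ruby
# Added example (not from this PR or from Sinatra): a minimal Rack-style
# middleware that enforces a Host-header allowlist, the protection that
# Sinatra 4.1's host_authorization setting provides. A Rack app is just an
# object whose #call(env) returns [status, headers, body], so no gems needed.
require "ipaddr"

class HostAllowlist
  # permitted_hosts: exact names ("example.com") or a leading-dot pattern
  # (".example.com") that also matches every subdomain. allow_ip mirrors the
  # development-mode default of accepting any IP-address literal.
  def initialize(app, permitted_hosts:, allow_ip: false, status: 403)
    @app = app
    @permitted = permitted_hosts.map(&:downcase)
    @allow_ip = allow_ip
    @status = status
  end

  def call(env)
    # Only the Host header the server itself received is consulted;
    # client-supplied X-Forwarded-Host is deliberately not trusted here.
    host = HostAllowlist.host_without_port(env["HTTP_HOST"])
    return @app.call(env) if permitted?(host)

    [@status, { "content-type" => "text/plain" }, ["Host not permitted\n"]]
  end

  # "App.Example.com:8443" -> "app.example.com", "[::1]:9292" -> "::1",
  # empty or missing header -> nil
  def self.host_without_port(raw)
    raw = raw.to_s.strip.downcase
    return nil if raw.empty?
    if raw.start_with?("[")
      close = raw.index("]")
      return close ? raw[1...close] : nil
    end
    raw.split(":", 2).first
  end

  def permitted?(host)
    return false if host.nil? || host.empty?
    return true if @allow_ip && ip_literal?(host)

    @permitted.any? do |rule|
      if rule.start_with?(".")
        host == rule[1..] || host.end_with?(rule)
      else
        host == rule
      end
    end
  end

  private

  def ip_literal?(host)
    IPAddr.new(host)
    true
  rescue IPAddr::InvalidAddressError
    false
  end
end

# Constructed sample application and requests for the demonstration.
APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }

# Returns the HTTP status the guarded app would answer for a given Host header.
def status_for(host_header, permitted_hosts:, allow_ip: false)
  guard = HostAllowlist.new(APP, permitted_hosts: permitted_hosts, allow_ip: allow_ip)
  env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/", "HTTP_HOST" => host_header }
  guard.call(env).first
end

if __FILE__ == $PROGRAM_NAME
  prod = ["example.com", ".example.com"]
  puts status_for("app.example.com:8443", permitted_hosts: prod)            # 200
  puts status_for("other.example.net", permitted_hosts: prod)               # 403
  puts status_for("[::1]:9292", permitted_hosts: [".localhost"], allow_ip: true) # 200
end
```

The leading-dot rule is matched against the full name with the dot included, so ".example.com" admits "example.com" and "app.example.com" but not "notexample.com"; the IP-literal allowance is off unless requested, which is the right default for a production deployment behind a proxy that forwards a fixed hostname.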

…en, derailed_benchmarks, dotenv-rails and rubocop-performance

Bumps [sinatra](https://github.com/sinatra/sinatra), [rails](https://github.com/rails/rails), [puma_worker_killer](https://github.com/schneems/puma_worker_killer), [sprockets](https://github.com/rails/sprockets), [prawn](https://github.com/prawnpdf/prawn), [sentry-raven](https://github.com/getsentry/raven-ruby), [derailed_benchmarks](https://github.com/zombocom/derailed_benchmarks), [dotenv-rails](https://github.com/bkeepers/dotenv) and [rubocop-performance](https://github.com/rubocop/rubocop-performance). These dependencies needed to be updated together.

Updates `sinatra` from 3.1.0 to 4.1.0
- [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md)
- [Commits](sinatra/sinatra@v3.1.0...v4.1.0)

Updates `rails` from 7.0.8 to 8.0.0
- [Release notes](https://github.com/rails/rails/releases)
- [Commits](rails/rails@v7.0.8...v8.0.0)

Updates `puma_worker_killer` from 0.3.1 to 1.0.0
- [Changelog](https://github.com/zombocom/puma_worker_killer/blob/main/CHANGELOG.md)
- [Commits](zombocom/puma_worker_killer@v0.3.1...v1.0.0)

Updates `sprockets` from 4.1.1 to 4.2.1
- [Release notes](https://github.com/rails/sprockets/releases)
- [Changelog](https://github.com/rails/sprockets/blob/main/CHANGELOG.md)
- [Commits](rails/sprockets@v4.1.1...v4.2.1)

Updates `prawn` from 2.4.0 to 2.5.0
- [Release notes](https://github.com/prawnpdf/prawn/releases)
- [Changelog](https://github.com/prawnpdf/prawn/blob/master/CHANGELOG.md)
- [Commits](prawnpdf/prawn@2.4.0...2.5.0)

Updates `sentry-raven` from 2.13.0 to 3.1.2
- [Release notes](https://github.com/getsentry/raven-ruby/releases)
- [Changelog](https://github.com/getsentry/sentry-ruby/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-ruby@v2.13.0...sentry-raven-v3.1.2)

Updates `derailed_benchmarks` from 2.1.1 to 2.2.1
- [Changelog](https://github.com/zombocom/derailed_benchmarks/blob/main/CHANGELOG.md)
- [Commits](zombocom/derailed_benchmarks@v2.1.1...v2.2.1)

Updates `dotenv-rails` from 2.8.1 to 3.1.4
- [Release notes](https://github.com/bkeepers/dotenv/releases)
- [Changelog](https://github.com/bkeepers/dotenv/blob/main/Changelog.md)
- [Commits](bkeepers/dotenv@v2.8.1...v3.1.4)

Updates `rubocop-performance` from 1.19.1 to 1.22.1
- [Release notes](https://github.com/rubocop/rubocop-performance/releases)
- [Changelog](https://github.com/rubocop/rubocop-performance/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-performance@v1.19.1...v1.22.1)

---
updated-dependencies:
- dependency-name: sinatra
  dependency-type: direct:production
- dependency-name: rails
  dependency-type: direct:production
- dependency-name: puma_worker_killer
  dependency-type: direct:production
- dependency-name: sprockets
  dependency-type: direct:production
- dependency-name: prawn
  dependency-type: direct:production
- dependency-name: sentry-raven
  dependency-type: direct:production
- dependency-name: derailed_benchmarks
  dependency-type: direct:development
- dependency-name: dotenv-rails
  dependency-type: direct:development
- dependency-name: rubocop-performance
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot[bot] added the dependencies label (Pull requests that update a dependency file) Nov 18, 2024
sourcery-ai bot commented Nov 18, 2024

Reviewer's Guide by Sourcery

This PR updates multiple gem dependencies to their latest versions, with significant version jumps for Rails (7.0.8 to 8.0.0) and Sinatra (3.1.0 to 4.1.0). The changes include breaking changes, security fixes, and performance improvements across the updated dependencies.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change: Major Rails upgrade with breaking changes
Details:
  • Removes deprecated support for passing array of strings to ActiveSupport::Deprecation#warn
  • Changes HashWithIndifferentAccess#stringify_keys behavior to stringify all keys
  • Deprecates Benchmark.ms core extension
  • Removes several deprecated ActiveSupport features
Files: Gemfile, Gemfile.lock

Change: Major Sinatra upgrade with security improvements
Details:
  • Adds host_authorization setting for improved security (CVE-2024-21510)
  • Adds support for Rack 3
  • Disables session_hijacking protection by default
  • Removes Rack::Protection::EncryptedCookie
Files: Gemfile.lock

Change: Performance and security updates to supporting gems
Details:
  • Updates puma_worker_killer to support Ruby 3.1+ and adds bigdecimal dependency
  • Improves thread safety in Sprockets CachedEnvironment and Cache::MemoryStore
  • Adds full font embedding support in Prawn
  • Updates dotenv-rails with Spring integration improvements
Files: Gemfile.lock

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time. You can also use
    this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!
