2022-03-27 08:30:00 by Thomas Klausner | Files touched by this commit (24) |
Log message:
ruby*: fix rails version in COMMENT
|
2022-03-13 16:11:52 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.4.7
Ruby on Rails 6.1.4.7 is not the latest version but it should be easy to pull-up
to pkgsrc-2021Q4.
Changes are in devel/ruby-activestorage61 only.
## Rails 6.1.4.7 (March 08, 2022) ##
* Added image transformation validation via configurable allow-list.
Variant now offers a configurable allow-list for
transformation methods in addition to a configurable deny-list for arguments.
[CVE-2022-21831]
|
2022-02-13 08:35:06 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.4.6
This update contains a security fix for CVE-2022-23633 in ruby-actionpack61.
Active Support 6.1.4.6 (2022-02-11)
* Fix Reloader method signature to work with the new Executor signature.
Action Pack 6.1.4.5 (2022-02-11)
* Under certain circumstances, the middleware isn't informed that the
response body has been fully closed which results in request state
not being fully reset before the next request.
[CVE-2022-23633]
Other packages have no change.
|
2021-12-19 06:26:37 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
databases/ruby-activerecord61: update to 6.1.4.4
No change except version.
|
2021-10-26 12:10:08 by Nia Alarie | Files touched by this commit (417) |
Log message:
databases: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles could not be fetched (some may be only fetched
conditionally):
./databases/cstore/distinfo D6.data.ros.gz
./databases/cstore/distinfo cstore0.2.tar.gz
./databases/cstore/distinfo data4.tar.gz
|
2021-10-07 15:35:53 by Nia Alarie | Files touched by this commit (417) |
Log message:
databases: Remove SHA1 distfile hashes
|
2021-07-04 10:02:13 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
databases/ruby-activerecord61: update to 6.1.4
Active Record
* Do not try to rollback transactions that failed due to a
ActiveRecord::TransactionRollbackError. (Jamie McCarthy)
* Raise an error if pool_config is nil in set_pool_config. (Eileen
M. Uchitelle)
* Fix compatibility with psych >= 4.
Starting in Psych 4.0.0 YAML.load behaves like YAML.safe_load. To
preserve compatibility Active Record's schema cache loader and
YAMLColumn now use YAML.unsafe_load if available. (Jean Boussier)
* Support using replicas when using rails dbconsole. (Christopher
Thornton)
* Restore connection pools after transactional tests. (Eugene Kenny)
* Change upsert_all to fail cleanly for MySQL when :unique_by is
used. (Bastian Bartmann)
* Fix user-defined self.default_scope to respect table alias. (Ryuta
Kamizono)
* Clear @cache_keys cache after update_all, delete_all, destroy_all.
(Ryuta Kamizono)
* Changed Arel predications contains and overlaps to use quoted_node
so that PostgreSQL arrays are quoted properly. (Bradley Priest)
* Fix merge when the where clauses have string contents. (Ryuta
Kamizono)
* Fix rollback of parent destruction with nested dependent: :destroy.
(Jacopo Beschi)
* Fix binds logging for "WHERE ... IN ..." statements. (Ricardo Díaz)
* Handle false in relation strict loading checks.
Previously when a model had strict loading set to true and then had
a relation set strict_loading to false the false wasn't considered
when deciding whether to raise/warn about strict loading.
    class Dog < ActiveRecord::Base
      self.strict_loading_by_default = true
      has_many :treats, strict_loading: false
    end
In the example, dog.treats would still raise even though
strict_loading was set to false. This is a bug affecting more than
Active Storage which is why I made this PR superseding #41461. We
need to fix this for all applications since the behavior is a little
surprising. I took the test from #41461 and the code suggestion
from #41453 with some additions. (Eileen M. Uchitelle, Radamés Roriz)
* Fix numericality validator without precision. (Ryuta Kamizono)
* Fix aggregate attribute on Enum types. (Ryuta Kamizono)
* Fix CREATE INDEX statement generation for PostgreSQL. (eltongo)
* Fix where clause on enum attribute when providing array of strings.
(Ryuta Kamizono)
* Fix unprepared_statement to work when nesting. (Ryuta Kamizono)
|
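Added example (not part of the commit log or of Rails): the Psych 4 note in the 6.1.4 entry above, run against a constructed class `CachedColumn` with hypothetical helpers `compat_load`, `load_outcome` and `outcomes`. It shows why a loader that relied on `YAML.load` needed `YAML.unsafe_load` after Psych 4, next to the stricter option of `YAML.safe_load` with an explicit `permitted_classes` list.

```ruby
require "yaml"

# Constructed stand-in for an object stored in a YAML cache (hypothetical class).
class CachedColumn
  attr_reader :name, :sql_type

  def initialize(name, sql_type)
    @name = name
    @sql_type = sql_type
  end
end

# Constructed sample document; it carries a "!ruby/object:CachedColumn" tag.
SAMPLE = YAML.dump(CachedColumn.new("id", "bigint"))

# The compatibility pattern from the changelog entry: use unsafe_load where
# Psych provides it, otherwise fall back to the old permissive YAML.load.
# Only suitable for files the application wrote itself.
def compat_load(source)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(source) : YAML.load(source)
end

# Run a loader over SAMPLE; report the resulting class name or "rejected".
def load_outcome(loader)
  loader.call(SAMPLE).class.name
rescue Psych::DisallowedClass
  "rejected"
end

LOADERS = {
  "YAML.load" => ->(s) { YAML.load(s) },
  "YAML.safe_load" => ->(s) { YAML.safe_load(s) },
  "safe_load + allow-list" => ->(s) { YAML.safe_load(s, permitted_classes: [CachedColumn]) },
  "compat_load" => method(:compat_load),
}

# Outcome per loader; only the "YAML.load" row depends on the Psych version.
def outcomes
  LOADERS.transform_values { |loader| load_outcome(loader) }
end

if __FILE__ == $PROGRAM_NAME
  puts "Psych #{Psych::VERSION}"
  outcomes.each { |name, result| puts format("%-24s %s", name, result) }
end
```

The `YAML.load` row is the one that changes between Psych 3 and Psych 4; the allow-list row gives the same result on both without enabling arbitrary object loading.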
2021-05-08 16:08:57 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.3.2
Real changes are in www/ruby-actionpack61 only.
## Rails 6.1.3.2 (May 05, 2021) ##
* Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
|
2021-04-11 15:28:02 by Takahiro Kambe | Files touched by this commit (15) | |
Log message:
www/ruby-rails61: update to 6.1.3.1
Real changes are in devel/devel/ruby-activestorage61 only.
## Rails 6.1.3.1 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
|
2021-02-28 16:42:41 by Takahiro Kambe | Files touched by this commit (13) | |
Log message:
www/ruby-rails61: update to 6.1.3
Rails 6.1.3 (February 17, 2021)
[ActionPack]
* Re-define routes when not set correctly via inheritance.
*John Hawthorn*
[ActiveRecord]
* Fix the MySQL adapter to always set the right collation and charset
to the connection session.
*Rafael Mendonça França*
* Fix MySQL adapter handling of time objects when prepared statements
are enabled.
*Rafael Mendonça França*
* Fix scoping in enum fields using conditions that would generate
an IN clause.
*Ryuta Kamizono*
* Skip optimised #exist? query when #include? is called on a relation
with a having clause
Relations that have aliased select values AND a having clause that
references an aliased select value would generate an error when
#include? was called, due to an optimisation that would generate
call #exists? on the relation instead, which effectively alters
the select values of the query (and thus removes the aliased select
values), but leaves the having clause intact. Because the having
clause is then referencing an aliased column that is no longer
present in the simplified query, an ActiveRecord::InvalidStatement
error was raised.
A sample query affected by this problem:
    Author.select('COUNT(*) as total_posts', 'authors.*')
          .joins(:posts)
          .group(:id)
          .having('total_posts > 2')
          .include?(Author.first)
This change adds an additional check to the condition that skips the
simplified #exists? query, which simply checks for the presence of
a having clause.
Fixes #41417
*Michael Smart*
* Increment postgres prepared statement counter before making a
prepared statement, so if the statement is aborted without Rails
knowledge (e.g., if app gets kill -9d during long-running query or
due to Rack::Timeout), app won't end up in perpetual crash state for
being inconsistent with Postgres.
*wbharding*, *Martin Tepper*
|