2022-06-07 17:05:23 by Takahiro Kambe | Files touched by this commit (15) | |
Log message:
www/ruby-rails61: update to 6.1.6
Ruby on Rails 6.1.6 (2022-05-12)
Active Support
* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.
Add the method ERB::Util.xml_name_escape to escape dangerous characters in
names of tags and names of attributes, following the specification of XML.
Action View
* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.
Escape dangerous characters in names of tags and names of attributes in
the tag helpers, following the XML specification. Rename the option
:escape_attributes to :escape, to simplify by applying the option to the
whole tag.
Action Pack
* Allow Content Security Policy DSL to generate for API responses.
|
2022-05-05 05:28:21 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
devel/ruby-activesupport61: update to 6.1.5.1
## Rails 6.1.5.1 (April 26, 2022) ##
* Fix and add protections for XSS in `ActionView::Helpers` and `ERB::Util`.
Add the method `ERB::Util.xml_name_escape` to escape dangerous characters
in names of tags and names of attributes, following the specification of XML.
*Álvaro Martín Fraguas*
## Rails 6.1.5 (March 09, 2022) ##
* Fix `ActiveSupport::Duration.build` to support negative values.
The algorithm to collect the `parts` of the `ActiveSupport::Duration`
ignored the sign of the `value` and accumulated incorrect part values. This
impacted `ActiveSupport::Duration#sum` (which is dependent on `parts`) but
not `ActiveSupport::Duration#eql?` (which is dependent on `value`).
*Caleb Buxton*, *Braden Staudacher*
* `Time#change` and methods that call it (eg. `Time#advance`) will now
return a `Time` with the timezone argument provided, if the caller was
initialized with a timezone argument.
Fixes [#42467](https://github.com/rails/rails/issues/42467).
*Alex Ghiculescu*
* Clone to keep extended Logger methods for tagged logger.
*Orhan Toy*
* `assert_changes` works on including `ActiveSupport::Assertions` module.
*Pedro Medeiros*
|
2022-03-27 08:31:56 by Thomas Klausner | Files touched by this commit (4) |
Log message:
*: fix typo in comment
|
2022-03-27 08:30:00 by Thomas Klausner | Files touched by this commit (24) |
Log message:
ruby*: fix rails version in COMMENT
|
2022-03-13 16:11:52 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.4.7
Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up
to pkgsrc-2021Q4.
Changes are in devel/ruby-activestorage61 only.
## Rails 6.1.4.7 (March 08, 2022) ##
* Added image transformation validation via configurable allow-list.
Variant now offers a configurable allow-list for
transformation methods in addition to a configurable deny-list for arguments.
[CVE-2022-21831]
|
2022-02-13 08:35:06 by Takahiro Kambe | Files touched by this commit (14) | |
Log message:
www/ruby-rails61: update to 6.1.4.6
This update contains security fix for CVE-2022-23633 in ruby-actionpack61.
Active Support 6.1.4.6 (2022-02-11)
* Fix Reloader method signature to work with the new Executor signature.
Action Pack 6.1.4.5 (2022-02-11)
* Under certain circumstances, the middleware isn't informed that the
response body has been fully closed which result in request state
not being fully reset before the next request.
[CVE-2022-23633]
Other packages have no change.
|
2021-12-19 06:23:00 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
devel/ruby-activesupport61: update to 6.1.4.4
No change except version.
|
2021-10-26 12:20:11 by Nia Alarie | Files touched by this commit (3016) |
Log message:
archivers: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Could not be committed due to merge conflict:
devel/py-traitlets/distinfo
The following distfiles were unfetchable (note: some may be only fetched
conditionally):
./devel/pvs/distinfo pvs-3.2-solaris.tgz
./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip
|
2021-10-07 15:44:44 by Nia Alarie | Files touched by this commit (3017) |
Log message:
devel: Remove SHA1 hashes for distfiles
|
2021-07-04 09:58:17 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
devel/ruby-activesupport61: update to 6.0.4
Active Support
* MemCacheStore: convert any underlying value (including false) to an
Entry. See #42559. (Alex Ghiculescu)
* Fix bug in number_with_precision when using large BigDecimal values.
Fixes #42302. (Federico Aldunate, Zachary Scott)
* Check byte size instead of length on secure_compare. (Tietew)
* Fix Time.at to not lose :in option. (Ryuta Kamizono)
* Require a path for config.cache_store = :file_store. (Alex
Ghiculescu)
* Avoid having to store complex object in the default translation
file. (Rafael Mendonça França)
|