Skip to content

Bump the bundler group across 1 directory with 9 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the bundler group across 1 directory with 9 updates #1

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 29, 2025

Bumps the bundler group with 8 updates in the / directory:

Package From To
rake 0.9.2 12.3.3
rack 1.3.2 2.2.20
json 1.5.3 2.3.0
nokogiri 1.4.7 1.18.9
ffi 1.0.9 1.9.24
i18n 0.6.0 0.8.0
mail 2.3.0 2.4.4
rubyzip 0.9.4 1.3.0

Updates rake from 0.9.2 to 12.3.3

Release notes

Sourced from rake's releases.

rake-10.1.1

Full Changelog: ruby/rake@rake-10.1.0.beta.3...rake-10.1.1

rake-10.1.0

Full Changelog: ruby/rake@rake-10.0.4...rake-10.1.0

rake-10.1.0.beta.3

Full Changelog: ruby/rake@rake-10.1.0.beta.2...rake-10.1.0.beta.3

rake-10.1.0.beta.2

Full Changelog: ruby/rake@rake-10.1.0.beta.1...rake-10.1.0.beta.2

rake-10.1.0.beta.1

Full Changelog: ruby/rake@rake-10.0.4...rake-10.1.0.beta.1

rake-10.0.4

Full Changelog: ruby/rake@rake-10.0.3...rake-10.0.4

rake-10.0.3

Full Changelog: ruby/rake@rake-10.0.2...rake-10.0.3

rake-10.0.2

Full Changelog: ruby/rake@rake-10.0.1...rake-10.0.2

rake-10.0.1

Full Changelog: ruby/rake@rake-10.0.0.beta.2...rake-10.0.1

rake-10.0.0

Full Changelog: ruby/rake@rake-0.9.3.beta.3...rake-10.0.0

rake-10.0.0.beta.2

Full Changelog: ruby/rake@rake-0.9.3.beta.3...rake-10.0.0.beta.2

rake-0.9.6

Full Changelog: ruby/rake@rake-0.9.5...rake-0.9.6

rake-0.9.5

Full Changelog: ruby/rake@rake-0.9.4...rake-0.9.5

rake-0.9.4

Full Changelog: ruby/rake@rake-0.9.3.beta.3...rake-0.9.4

rake-0.9.3

Full Changelog: ruby/rake@rake-0.9.2...rake-0.9.3

rake-0.9.3.beta.3

Full Changelog: ruby/rake@rake-0.9.3.beta.2...rake-0.9.3.beta.3

rake-0.9.3.beta.2

Full Changelog: ruby/rake@rake-0.9.3.beta.1...rake-0.9.3.beta.2

... (truncated)

Changelog

Sourced from rake's changelog.

=== 12.3.3

==== Bug fixes

  • Use the application's name in error message if a task is not found. Pull Request #303 by tmatilai

==== Enhancements:

  • Use File.open explicitly.

=== 12.3.2

==== Bug fixes

  • Fixed test fails caused by 2.6 warnings. Pull Request #297 by hsbt

==== Enhancements:

  • Rdoc improvements. Pull Request #293 by colby-swandale
  • Improve multitask performance. Pull Request #273 by jsm
  • Add alias prereqs. Pull Request #268 by take-cheeze

=== 12.3.1

==== Bug fixes

  • Support did_you_mean >= v1.2.0 which has a breaking change on formatters. Pull request #262 by FUJI Goro.

==== Enhancements:

  • Don't run task if it depends on already invoked but failed task. Pull request #252 by Gonzalo Rodriguez.
  • Make space trimming consistent for all task arguments. Pull request #259 by Gonzalo Rodriguez.
  • Removes duplicated inclusion of Rake::DSL in tests. Pull request #254 by Gonzalo Rodriguez.
  • Re-raise a LoadError that didn't come from require in the test loader. Pull request #250 by Dylan Thacker-Smith.

=== 12.3.0

==== Compatibility Changes

  • Bump required_ruby_version to Ruby 2.0.0. Rake has already

... (truncated)

Commits
  • 5c87c46 Bump version to 12.3.3.
  • 5b8f8fc Use File.open explicitly.
  • 6497ba4 Merge pull request #317 from ruby/ignore-gitignore
  • be62efb Removed gitignore from gemspec files.
  • 1c22b49 Merge pull request #309 from RDIL/patch-1
  • 496944a Remove deprecated travis ci option
  • 489c7d8 Merge pull request #307 from ruby/azure-pipelines
  • 77eb6d8 Only enabled macOS environment
  • 72ffa2e use realpath
  • 7744872 Do not specify ruby version of macOS
  • Additional commits viewable in compare view

Updates rack from 1.3.2 to 2.2.20

Release notes

Sourced from rack's releases.

v2.2.8.1

What's Changed

Full Changelog: rack/rack@v2.2.8...v2.2.8.1

v2.2.8

What's Changed

New Contributors

Full Changelog: rack/rack@v2.2.7...v2.2.8

v2.2.7

What's Changed

New Contributors

Full Changelog: rack/rack@v2.2.6.4...v2.2.7

v2.2.6.4

No release notes provided.

v2.1.4.4

What's Changed

Full Changelog: rack/rack@v2.1.4.3...v2.1.4.4

v2.0.9.4

What's Changed

Full Changelog: rack/rack@v2.0.9.3...v2.0.9.4

Changelog

Sourced from rack's changelog.

[2.2.20] - 2025-10-10

Security

  • CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
  • CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.

[2.2.19] - 2025-10-07

Security

  • CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
  • CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
  • CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

[2.2.18] - 2025-09-25

Security

  • CVE-2025-59830 Unbounded parameter parsing in Rack::QueryParser can lead to memory exhaustion via semicolon-separated parameters.

[2.2.17] - 2025-06-03

[2.2.16] - 2025-05-22

[2.2.15] - 2025-05-18

[2.2.14] - 2025-05-06

⚠️ This release includes a security fix that may cause certain routes in previously working applications to fail if query parameters exceed 4,096 in count or 4 MB in total size. See rack/rack#2356 for more details.

Security

  • CVE-2025-46727 Unbounded parameter parsing in Rack::QueryParser can lead to memory exhaustion.

[2.2.13] - 2025-03-11

Security

[2.2.12] - 2025-03-04

Security

... (truncated)

Commits
  • 6ef5915 Bump patch version.
  • 4e2c903 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
  • fba2c8b Improper handling of proxy headers in Rack::Sendfile may allow proxy bypass.
  • ed3d834 Normalize adivsories links.
  • 4c4ea29 Bump patch version.
  • c370dcd Limit amount of retained data when parsing multipart requests
  • d869fed Fix denial of service vulnerbilties in multipart parsing
  • 0f76d43 Bump patch version.
  • 493a411 Fix thin integration.
  • 54e4ffd Unbounded parameter parsing in Rack::QueryParser.
  • Additional commits viewable in compare view

Updates sinatra from 1.2.6 to 3.2.0

Changelog

Sourced from sinatra's changelog.

3.2.0 / 2023-12-29

  • New: Add #except method to Sinatra::IndifferentHash (#1940)

  • New: Use Exception#detailed_message to show backtrace (#1952)

  • New: Add Sinatra::HamlHelpers to sinatra-contrib (#1960)

  • Fix: Add base64 to rack-protection runtime dependencies (#1946)

  • Fix: Avoid open-ended dependencies for sinatra-contrib and rack-protection (#1949)

  • Fix: Helpful message when Sinatra::Runner times out (#1975)

  • Fix: Ruby 3.3 + Bundler 2.5 compatibility (#1975)

#1940: sinatra/sinatra#1940 #1946: sinatra/sinatra#1946 #1949: sinatra/sinatra#1949 #1952: sinatra/sinatra#1952 #1960: sinatra/sinatra#1960 #1975: sinatra/sinatra#1975

3.1.0 / 2023-08-07

  • New: Add sass support via sass-embedded #1911 by なつき

  • New: Add start and stop callbacks #1913 by Jevin Sew

  • New: Warn on dropping sessions #1900 by Jonathan del Strother

  • New: Make Puma the default server #1924 by Patrik Ragnarsson

  • Fix: Remove use of Tilt::Cache #1922 by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning)

  • Fix: rack-protection: specify rack version requirement #1932 by Patrik Ragnarsson

#1911: sinatra/sinatra#1911 #1913: sinatra/sinatra#1913 #1900: sinatra/sinatra#1900 #1924: sinatra/sinatra#1924 #1922: sinatra/sinatra#1922 #1932: sinatra/sinatra#1932

3.0.6 / 2023-04-11

  • Fix: Add support to keep open streaming connections with Puma #1858 by Jordan Owens

  • Fix: Avoid crash in uri helper on Integer input #1890 by Patrik Ragnarsson

... (truncated)

Commits
  • 4e8fdb5 3.2.0 release (#1977)
  • 3b75657 Revert "Shorter Sinatra::Runner timeout" (#1976)
  • 1551ef7 Ruby 3.3 + Bundler 2.5 compatibility
  • ca6b71c Helpful message when Sinatra::Runner times out
  • 0e43702 Shorter Sinatra::Runner timeout
  • cadbedd CI: move rack-protection to its own job (#1974)
  • 5d844ee Add workflow for Trusted Publishing to RubyGems (#1970)
  • 11119a8 CI: use latest rack-test release, not trunk (#1969)
  • 2b89659 CI: avoid rdiscount >= 2.2.7.2 on truffleruby
  • dcdebe9 CI: remove sinatra from rack-protection bundle
  • Additional commits viewable in compare view

Updates json from 1.5.3 to 2.3.0

Release notes

Sourced from json's releases.

v2.3.0

What's Changed

New Contributors

Full Changelog: ruby/json@v2.2.0...v2.3.0

v2.2.0

What's Changed

New Contributors

Full Changelog: ruby/json@v2.1.0...v2.2.0

v2.1.0

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from json's changelog.

2019-12-11 (2.3.0)

  • Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
  • Fix passing args all #to_json in json/add/*.
  • Fix encoding issues
  • Fix issues of keyword vs positional parameter
  • Fix JSON::Parser against bigdecimal updates
  • Bug fixes to JRuby port

2019-02-21 (2.2.0)

  • Adds support for 2.6 BigDecimal and ruby standard library Set datetype.

2017-04-18 (2.1.0)

  • Allow passing of decimal_class option to specify a class as which to parse JSON float numbers.

2017-03-23 (2.0.4)

  • Raise exception for incomplete unicode surrogates/character escape sequences. This problem was reported by Daniel Gollahon (dgollahon).
  • Fix arbitrary heap exposure problem. This problem was reported by Ahmad Sherif (ahmadsherif).

2017-01-12 (2.0.3)

  • Set required_ruby_version to 1.9
  • Some small fixes

2016-07-26 (2.0.2)

  • Specify required_ruby_version for json_pure.
  • Fix issue #295 failure when parsing frozen strings.

2016-07-01 (2.0.1)

  • Fix problem when requiring json_pure and Parser constant was defined top level.
  • Add RB_GC_GUARD to avoid possible GC problem via Pete Johns.
  • Store current_nesting on stack by Aaron Patterson.

2015-09-11 (2.0.0)

  • Now complies to newest JSON RFC 7159.
  • Implements compatibility to ruby 2.4 integer unification.
  • Removed support for quirks_mode option.
  • Drops support for old rubies whose life has ended, that is rubies < 2.0. Also see https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
  • There were still some mentions of dual GPL licensing in the source, but JSON has just the Ruby license that itself includes an explicit dual-licensing clause that allows covered software to be distributed under the terms of the Simplified BSD License instead for all ruby versions >= 1.9.3. This is however a GPL compatible license according to the Free Software Foundation. I changed these mentions to be consistent with the Ruby license setting in the gemspec files which were already correct now.

... (truncated)

Commits

Updates nokogiri from 1.4.7 to 1.18.9

Release notes

Sourced from nokogiri's releases.

v1.18.9 / 2025-07-20

Security

5bcfdf7aa8d1056a7ad5e52e1adffc64ef53d12d0724fbc6f458a3af1a4b9e32  nokogiri-1.18.9-aarch64-linux-gnu.gem
55e9e6ca46c4ad1715e313f407d8481d15be1e3b65d9f8e52ba1c124d01676a7  nokogiri-1.18.9-aarch64-linux-musl.gem
eea3f1f06463ff6309d3ff5b88033c4948d0da1ab3cc0a3a24f63c4d4a763979  nokogiri-1.18.9-arm64-darwin.gem
fe611ae65880e445a9c0f650d52327db239f3488626df4173c05beafd161d46e  nokogiri-1.18.9-arm-linux-gnu.gem
935605e14c0ba17da18d203922440bf6c0676c602659278d855d4622d756a324  nokogiri-1.18.9-arm-linux-musl.gem
ac5a7d93fd0e3cef388800b037407890882413feccca79eb0272a2715a82fa33  nokogiri-1.18.9.gem
1fe5b7aa4a054eda689a969bb4e03999960a6ea806582d327207d687168bceb5  nokogiri-1.18.9-java.gem
6b4fc1523aa0370c78653e38c94cb50e7f3ab786425de66ba7ad24222c1164a3  nokogiri-1.18.9-x64-mingw-ucrt.gem
e0d2deb03d3d7af8016e8c9df5ff4a7d692159cefb135cbb6a4109f265652348  nokogiri-1.18.9-x86_64-darwin.gem
b52f5defedc53d14f71eeaaf990da66b077e1918a2e13088b6a96d0230f44360  nokogiri-1.18.9-x86_64-linux-gnu.gem
e69359d6240c17e64cc9f43970d54f13bfc7b8cc516b819228f687e953425e69  nokogiri-1.18.9-x86_64-linux-musl.gem

v1.18.8 / 2025-04-21

Security

36badd2eb281fca6214a5188e24a34399b15d89730639a068d12931e2adc210e  nokogiri-1.18.8-aarch64-linux-gnu.gem
664e0f9a77a7122a66d6c03abba7641ca610769a4728db55ee1706a0838b78a2  nokogiri-1.18.8-aarch64-linux-musl.gem
483b5b9fb33653f6f05cbe00d09ea315f268f0e707cfc809aa39b62993008212  nokogiri-1.18.8-arm64-darwin.gem
17de01ca3adf9f8e187883ed73c672344d3dbb3c260f88ffa1008e8dc255a28e  nokogiri-1.18.8-arm-linux-gnu.gem
6e6d7e71fc39572bd613a82d528cf54392c3de1ba5ce974f05c832b8187a040b  nokogiri-1.18.8-arm-linux-musl.gem
8c7464875d9ca7f71080c24c0db7bcaa3940e8be3c6fc4bcebccf8b9a0016365  nokogiri-1.18.8.gem
41002596960ff854198a20aaeb34cff0d445406d5ad85ba7ca9c3fd0c8f03de0  nokogiri-1.18.8-java.gem
11ab0f76772c5f2d718fb253fca5b74c6ef7628b72bbf8deba6ab1ffc93344cf  nokogiri-1.18.8-x64-mingw-ucrt.gem
024cdfe7d9ae3466bba6c06f348fb2a8395d9426b66a3c82f1961b907945cc0c  nokogiri-1.18.8-x86_64-darwin.gem
4a747875db873d18a2985ee2c320a6070c4a414ad629da625fbc58d1a20e5ecc  nokogiri-1.18.8-x86_64-linux-gnu.gem
ddd735fba49475a395b9ea793bb6474e3a3125b89960339604d08a5397de1165  nokogiri-1.18.8-x86_64-linux-musl.gem

v1.18.7 / 2025-03-31

Dependencies

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.18.9 / 2025-07-20

Security

v1.18.8 / 2025-04-21

Security

v1.18.7 / 2025-03-31

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

  • [JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @​flavorjones

v1.18.5 / 2025-03-19

Fixed

v1.18.4 / 2025-03-14

Security

v1.18.3 / 2025-02-18

Security

v1.18.2 / 2024-01-19

... (truncated)

Commits
  • 1dcd8ce version bump to v1.18.9
  • a05d2b4 Apply upstream patches to address multiple vulnerabilities (#3526)
  • 947a55e Apply upstream patches to address multiple vulnerabilities
  • 9187f4a version bump to v1.18.8
  • 1deea04 dep: libxml2 to v2.13.8 (branch v1.18.x) (#3509)
  • 6457fe6 dep: libxml2 to v2.13.8
  • 13e8aa4 version bump to v1.18.7
  • 605699d dep: bump libxml2 to 2.13.7 (v1.18.x backport) (#3495)
  • 804e590 dep: bump libxml2 to 2.13.7
  • 52bf15b dep(dev): drop Rubocop from JRuby deps
  • Additional commits viewable in compare view

Updates ffi from 1.0.9 to 1.9.24

Changelog

Sourced from ffi's changelog.

1.9.24 / 2018-06-02

Security Note:

This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush.

Added:

  • Added a CHANGELOG file
  • Add mips64(eb) support, and mips r6 support. (#601)

Changed:

  • Update libffi to latest changes on master.
  • Don't search in hardcoded /usr paths on Windows.
  • Don't treat Symbol args different to Strings in ffi_lib.
  • Make sure size_t is defined in Thread.c. Fixes #609

1.9.23 / 2018-02-25

Changed:

  • Fix unnecessary rebuild of configure in darwin multi arch. Fixes #605

1.9.22 / 2018-02-22

Changed:

  • Update libffi to latest changes on master.
  • Update detection of system libffi to match new requirements. Fixes #617
  • Prefer bundled libffi over system libffi on Mac OS.
  • Do closures via libffi. This removes ClosurePool and fixes compat with PaX. #540
  • Use a more deterministic gem packaging.
  • Fix unnecessary update of autoconf files at gem install.

1.9.21 / 2018-02-06

Added:

  • Ruby-2.5 support by Windows binary gems. Fixes #598
  • Add missing win64 types.
  • Added support for Bitmask. (#573)
  • Add support for MSYS2 (#572) and Sparc64 Linux. (#574)

Changed:

  • Fix read_string to not throw an error on length 0.
  • Don't use absolute paths for sh and env. Fixes usage on Adroid #528
  • Use Ruby implementation for which for better compat with Windows. Fixes #315

... (truncated)

Commits
  • 4e1051a Run rspec with dots output only
  • e70b13d Fix integer parameter range specs
  • 55ae232 Fix several specs where raise_error was called without class
  • 8821d4f Specify error class for several raise_error calls
  • bf48d44 Fix missing C declarations causing compiler warnings
  • f569788 Replace symlinks for mips r6 with plain files
  • fedbae0 Update CHANGELOG
  • a4d4d19 Merge branch 'master' of github.com:ffi/ffi
  • 45d8803 Add a CHANGELOG file
  • 2ff1d8f Bump VERSION to 1.9.24
  • Additional commits viewable in compare view

Updates i18n from 0.6.0 to 0.8.0

Release notes

Sourced from i18n's releases.

v0.8.0

This release is the same as the v0.8.0.beta1 gem.

Notable changes

  • You can now set I18n.cache_key_digest to determine how cache keys are calculated. If you were seeing issues where the same value stored in a cache produced a different key, then this fix will interest you. For more information, see #285.
  • You can now override translate_format in I18n::Backend classes to customize how localize will perform. See svenfuchs/i18n#347 for more details.
  • You can now interpolate the value of a key inside another key. See #300 for more information.
  • The exists? method was added to the fallback backend, to match other backend implementations - #326
  • Added N_ to GetText::Helpers - #121
  • Added a :default option for I18n.localize - #251

Bug fixes

  • Reverted a commit which made it so that the great documentation for I18n.translate wasn't made visible through a yard documentation generation. - bc926ebf98a9ae8f2db843ce16a33a5282d18d35
  • I18n.MissingTranslation.new can now be called with two arguments. It will no longer raise a "TypeError: can't dup NilClass" exception - #295
  • I18n's Hash#slice method no longer fails if the hash does not have the specified key - #289
  • I18n::Backend::Metadata will now no longer attempt to set @translation_metadata on frozen objects - #305
  • Added missing many rule to pl translation rules - #346
  • Calling I18n.t(:foo, default: nil) Or I18n.t(:foo, default: false) will now return nil or false, rather than returning a missing translation exception - #144
  • Setting I18n.load_path via I18n.load_path= will now reset the @@available_locales_set setting. - #348 & #173
  • The subclasses of Hash when calling Hash#slice are maintained - #250
  • Fixed I18n.interpolate behaviour when it was passed an ActiveSupport::SafeBuffer object - #216

0.8.0.beta1

Notable changes

  • You can now set I18n.cache_key_digest to determine how cache keys are calculated. If you were seeing issues where the same value stored in a cache produced a different key, then this fix will interest you. For more information, see #285.
  • You can now override translate_format in I18n::Backend classes to customize how localize will perform. See svenfuchs/i18n#347 for more details.
  • You can now interpolate the value of a key inside another key. See #300 for more information.
  • The exists? method was added to the fallback backend, to match other backend implementations - #326
  • Added N_ to GetText::Helpers - #121
  • Added a :default option for I18n.localize - #251

Bug fixes

  • Reverted a commit which made it so that the great documentation for I18n.translate wasn't made visible through a yard documentation generation. - bc926ebf98a9ae8f2db843ce16a33a5282d18d35
  • I18n.MissingTranslation.new can now be called with two arguments. It will no longer raise a "TypeError: can't dup NilClass" exception - #295
  • I18n's Hash#slice method no longer fails if the hash does not have the specified key - #289
  • I18n::Backend::Metadata will now no longer attempt to set @translation_metadata on frozen objects - #305
  • Added missing many rule to pl translation rules - #346
  • Calling I18n.t(:foo, default: nil) Or I18n.t(:foo, default: false) will now return nil or false, rather than returning a missing translation exception - #144
  • Setting I18n.load_path via I18n.load_path= will now reset the @@available_locales_set setting. - #348 & #173
  • The subclasses of Hash when calling Hash#slice are maintained - #250
  • Fixed I18n.interpolate behaviour when it was passed an ActiveSupport::SafeBuffer object - #216
Commits
  • 529fc5b Bump to 0.8.0
  • d5fb5dd fix references to i18n in Gemfiles
  • 5cd5c9f Add link to i18n guide to README
  • 27d7ab7 Remove Gemfile.lock from source control
  • 4f0331d Bump dependencies
  • 210feb6 Update bundler
  • 7b205f2 Add issue template
  • 6f3a5bb Bump to 0.8.0.beta1
  • 5e1af91 Merge pull request #252 from Chipairon/fix-tests-for-stored-procs
  • e532e61 Merge pull request #216 from bogdan/interpolate-rails-safe-buffer
  • Additional commits viewable in compare view

Updates mail from 2.3.0 to 2.4.4

Changelog

Sourced from mail's changelog.

== Version 2.4.4 - Wed Mar 14 22:44:00 +1100 2012 Mikel Lindsaar [email protected]

  • Fix security vulnerability allowing command line exploit when using file delivery method

== Version 2.4.3 - Tue Mar 6 19:38:00 UTC 2012 Mikel Lindsaar [email protected]

  • Fix security vulnerability allowing command line exploit when using exim or sendmail from the command line
  • Change Mail#deliver! to also inform the interceptors
  • Encodings.value_decode(str): Treat lines with mixed encoding correctly when the line ends with a plain text part.

== Version 2.4.1 - Thu Jan 19 13:49:34 UTC 2012 Mikel Lindsaar [email protected]

  • Fix non ascii character folding problems
  • Handle multipart mail in Mail::Message#to_yaml / #from_yaml
  • More warning fixes
  • Normalize the Parse Error class and messages
  • Fix for Mail::Encodings.unquote_and_convert not handling unquoted characters mixed in between quoted strings
  • Updated treetop to latest version, specs now run approximately 25-30% faster!
  • Version bump to 2.4.1 and gem release

== Version 2.4.0 - Sun Jan 15 18:15:56 UTC 2011 Mikel Lindsaar [email protected]

  • Speed up reading of messages by about 12x
  • Added Message#without_attachments! that removes all message's attachments
  • Added shoulda-style RSpec matchers
  • Added support for @ in display name
  • Added support for the :tls and :ssl options
  • Added UTF-16 and UTF-32 support
  • Added Exim as it's own delivery manager
  • Added Ruby 1.9.3 compatibility
  • Fix for Sendmail return-path escaping
  • Fix for alias for SJIS was changed from shift_jis to windows-31J in Ruby 1.9.3
  • Fix for undefined method 'constantize' error when no ActiveSupport loaded
  • Fix Mail::Field#== comparison
  • Fixed Regexp warning: character class has duplicated range
  • Fixed encoding non-latin names in addresses
  • Fixed issue with non-7bit attachment filenames
  • Now define String#blank? only if not defined yet
  • Decoding text parts using charset from Content-Type field
  • Per RFC 5322, do not accept emails with consecutive dots
  • Bunch of bug fixes from contributed pull requests
  • Travis CI setup and passing on 6 rubies
  • Upgrade RSpec to 2.8.0
  • Lots of warnings fixed
  • Version bump to 2.4.0 and gem release
Commits
  • 36b7fa2 Fix security vulnerability allowing command line exploit when using file deli...
  • 29aca25 Preventing file system traversal in file_delivery method
  • 9beb079 Version bump to 2.4.3
  • 39b590d Making sure that destinations are also properly escaped in all version of ruby
  • 0a940f4 Version bump to 2.4.2
  • ac56f03 Fix security vulnerability allowing command line exploit when using exim or s...
  • 47e288e Updating changelog
  • e917ca8 Merge pull request #339 from janv/master
  • cb1df03 Encodings.value_decode(str): Treat lines with mixed encoding correctly when t...
  • f856208 Adding pledgie button back in
  • Additional commits viewable in compare view

Updates rubyzip from 0.9.4 to 1.3.0

Release notes

Sourced from rubyzip's releases.

v1.3.0

Security

  • Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403
    • This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0.

New Feature

  • Add add_stored method to simplify adding entries without compression #366

Tooling / Documentation

  • Add more gem metadata links #402

v1.2.4

  • Do not rewrite zip files opened with open_buffer that have not changed #360

Tooling / Documentation

  • Update example_recursive.rb in README #397
  • Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399

v1.2.3

  • Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
  • Support frozen string literals in more files #390
  • Require pathname explicitly #388 (fixes regression in 1.2.2 from #376)

Tooling / Documentation:

  • CI updates #392, #394
    • Bump ...

      Description has been truncated

@dependabot
Bump the bundler group across 1 directory with 9 updates
242fef2 
Bumps the bundler group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [rake](https://github.com/ruby/rake) | `0.9.2` | `12.3.3` |
| [rack](https://github.com/rack/rack) | `1.3.2` | `2.2.20` |
| [json](https://github.com/ruby/json) | `1.5.3` | `2.3.0` |
| [nokogiri](https://github.com/sparklemotion/nokogiri) | `1.4.7` | `1.18.9` |
| [ffi](https://github.com/ffi/ffi) | `1.0.9` | `1.9.24` |
| [i18n](https://github.com/ruby-i18n/i18n) | `0.6.0` | `0.8.0` |
| [mail](https://github.com/mikel/mail) | `2.3.0` | `2.4.4` |
| [rubyzip](https://github.com/rubyzip/rubyzip) | `0.9.4` | `1.3.0` |



Updates `rake` from 0.9.2 to 12.3.3
- [Release notes](https://github.com/ruby/rake/releases)
- [Changelog](https://github.com/ruby/rake/blob/master/History.rdoc)
- [Commits](ruby/rake@rake-0.9.2...v12.3.3)

Updates `rack` from 1.3.2 to 2.2.20
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@1.3.2...v2.2.20)

Updates `sinatra` from 1.2.6 to 3.2.0
- [Changelog](https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md)
- [Commits](sinatra/sinatra@1.2.6...v3.2.0)

Updates `json` from 1.5.3 to 2.3.0
- [Release notes](https://github.com/ruby/json/releases)
- [Changelog](https://github.com/ruby/json/blob/master/CHANGES.md)
- [Commits](ruby/json@v1.5.3...v2.3.0)

Updates `nokogiri` from 1.4.7 to 1.18.9
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.4.7...v1.18.9)

Updates `ffi` from 1.0.9 to 1.9.24
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](ffi/ffi@1.0.9...1.9.24)

Updates `i18n` from 0.6.0 to 0.8.0
- [Release notes](https://github.com/ruby-i18n/i18n/releases)
- [Changelog](https://github.com/ruby-i18n/i18n/blob/master/CHANGELOG.md)
- [Commits](ruby-i18n/i18n@v0.6.0...v0.8.0)

Updates `mail` from 2.3.0 to 2.4.4
- [Release notes](https://github.com/mikel/mail/releases)
- [Changelog](https://github.com/mikel/mail/blob/2.4.4/CHANGELOG.rdoc)
- [Commits](mikel/mail@2.3.0...2.4.4)

Updates `rubyzip` from 0.9.4 to 1.3.0
- [Release notes](https://github.com/rubyzip/rubyzip/releases)
- [Changelog](https://github.com/rubyzip/rubyzip/blob/main/Changelog.md)
- [Commits](https://github.com/rubyzip/rubyzip/commits/v1.3.0)

---
updated-dependencies:
- dependency-name: rake
  dependency-version: 12.3.3
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: rack
  dependency-version: 2.2.20
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: sinatra
  dependency-version: 3.2.0
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: json
  dependency-version: 2.3.0
  dependency-type: direct:production
  dependency-group: bundler
- dependency-name: nokogiri
  dependency-version: 1.18.9
  dependency-type: direct:development
  dependency-group: bundler
- dependency-name: ffi
  dependency-version: 1.9.24
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: i18n
  dependency-version: 0.8.0
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: mail
  dependency-version: 2.4.4
  dependency-type: indirect
  dependency-group: bundler
- dependency-name: rubyzip
  dependency-version: 1.3.0
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Dec 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant