Update ruby-actionpack60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
Update ruby-actionview60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
Update ruby-actionpack52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
Update ruby-actionview52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
Upstream says...
You'll find below the changes in this bugfix version:
- (security) Prevent execution of SQL injection while assigning a technician,
- (security) Allow changing the key used to store passwords,
- (security) Improve CSRF token,
- (security) Fix several possible XSS,
- (security) Fix a few possible SQL injections,
- Fix SCSS caching issues,
- Fix inline images handling on item update,
- Fix PHP 7.4 compatibility,
- Connect to database using socket,
- and more!
The full changelog is available:
<https://github.com/glpi-project/glpi/milestone/39?closed=1>
2.1.0:
Fix DurationWidget handling of zero value
Make import diff view only show headers for user visible fields
Make confirm_form accessible in get_import_resource_kwargs and get_import_data_kwargs
Initialize Decimal with text value
Adds meta flag ‘skip_diff’ to enable skipping of diff operations
Update docs
2.0.2:
Add support for tablib >= 1.0
Add ability to install a subset of tablib supported formats and save some automatic dependency installations (needs tablib >= 1.0)
Use column_name when checking row for fields
2.0.1:
Fix deprecated Django 3.0 function usage
Pin tablib version to not use new major version
Format field is always shown on Django 2.2
2.0:
[django2.2] Add real support of Django 2.2 before 3.0 is out
fix: DateTimeWidget not timezone sensitive
Move actions definition to ExportActionMixin
Add language support: Turkish
Fix exception import for Django 3
Fix potential header / row column mismatches for invalid rows in…
Assume user is importing new data if id fields not included
Fix bug with spaces in export filename, pass request and queryset
Simplify Django version in TravisCI
Align error in rtl mode
Add dutch translations
Add 3.8-dev to travis ci
Fix style in getting_started docs
Update documentation to show that mixins must be referenced before admin.ModelAdmin.
JSONWidget updated with null value fix
Import rows have background color
Use resource get_queryset in ModelInstanceLoader
Simplify coerce to text type
More flexibility in ConfirmImportForm, forms and resource kwargs
Add JSON B type field mapping
Scale back stale bot’s time-to-stale
test: explicitly order qs in ManyToManyWidget
Add mysql to travis
Expand doc strings to include Mixin superclasses
Remove python2 compatibility decorator
chore: fix Imports are incorrectly sorted.
Use global env vars for postgres
Used non-fixed id for test. Database is not torn down after each run, which means that the id is incrementing
Fix warning from assertEquals
Add psycopg2 as postgres driver to test requirements
Add django version to the matrix
Add matrix for sqlite and postgres testing
Correct mistaken assertTrue() -> assertEquals()
chore: add package long_description
chore: add python wheels to dev requirements
Add github directory with PR and issue templates
Isort all the things
Use coveralls master branch tag in the readme
Remove support for Django < 2.0 and Python < 3.5
1.6.0:
* Python 3.4 is no longer supported
* New ``Selector.remove()`` and ``SelectorList.remove()`` methods to remove
selected elements from the parsed document tree
* Improvements to error reporting, test coverage and documentation, and code
cleanup
5.0.6
=====
- nbformat.read() function has a better duck-type interface and will raise more
meaningful error messages if it can't parse a notebook document.
5.0.5
=====
- Allow notebook format 4.0 and 4.1 to have the arbitrary JSON mimebundles
from format 4.2 for pragmatic purposes.
- Support reading/writing path-like objects has been added to read operations.
5.0.4
=====
- Fixed issue causing python 2 to pick up 5.0.x releases.
5.0.3
=====
- Removed debug print statements from project.
5.0.2
=====
- Added schema validation files for older versions. This was breaking notebook generation.
5.0
===
`5.0 on GitHub <https://github.com/jupyter/nbformat/milestone/5>`__
- Starting with 5.0, ``nbformat`` is now Python 3 only (>= 3.5)
- Add execution timings in code cell metadata for v4 spec.
``"metadata": { "execution": {...}}`` should be populated with kernel-specific
timing information.
- Documentation for how markup is used in notebooks added
- Link to json schema docs from format page added
- Documented the editable metadata flag
- Update description for collapsed field
- Documented notebook format versions 4.0-4.3 with accurate json schema specification files
- Clarified info about :ref:`name`'s meaning for cells
- Added a default execution_count of None for new_output_cell('execute_result')
- Added support for handling nbjson kwargs
- Wheels now correctly have a LICENSE file
- Travis builds now have a few more execution environments
Update ruby-rack-contrib to 2.2.0.
2.2.0 (2020-03-31)
A healthy crop of fixes and new features in this release. Thanks to
everyone who contributed, and welcome to Andrew Konchin, as the newest
recipient of a commit bit.
* New middleware Rack::JSONBodyParser: a better-designed replacement for
Rack::PostBodyContentTypeParser, with a more appropriate name (given that
they both only handle JSON natively, having JSON in the name seems like a
good idea), and with a better set of default behaviours and knobs. It is
also significantly faster than PostBodyContentTypeParser.
* Rack::PostBodyContentTypeParser: this middleware's interface is a bit of a
mess, which makes it nearly impossible to improve in a
backwards-compatible manner. As a result, its use has been deprecated, in
favour of Rack::JSONBodyParser.
* Several middlewares that set Content-Length headers were fixed to use
String#bytesize, instead of String#size, which makes multibyte characters
much happier. (Chris Frank)
* Rack::ResponseCache: Make header detection case-insensitive. (Chris Frank)
* A lot of broken tests and deprecation warnings in the test suite were
fixed. (Andrew Konchin)
* Rack::Locale: significant correctness fixes, including q=0 handling, case
insensitivity where appropriate, and better handling of whitespace.
(Andrew Konchin)
* Rack::StaticCache: several correctness fixes, such as setting a Date
response header, use UTC in timestamps, and improving the robustness of
the date rendering.
Share and enjoy!
Update ruby-rack-cache to 1.11.1.
1.11.1 (2020-04-07)
* when ignoring parts of the query, remove query in key when all
params are ignored
1.11.0 (2020-01-06)
* Add a proc to allow ignoring parts of the query string in the key
Update ruby-net-http-persistent to 4.0.0.
=== 4.0.0 / 2020-04-30
Breaking changes:
* Removed built-in support for retrying failed requests as Net::HTTP has this
built-in for all supported versions. Pull request #100 by Michael Grosser.
* Dropped support for EoL ruby versions (< 2.4). Future feature releases may
drop support for ruby versions that are at end-of-life or in security-only
maintenance mode with any release. Pull request #113 by David Rodríguez
New features:
* Added Net::HTTP::Persistent#max_retries= to configure the number of retries
performed on a request for ruby versions that support it (2.5+).
* URI-ness is determined through #respond_to? to allow compatibility with
Addressable::URI. Pull request #67 by Ryan McKern.
* Use require_relative to reduce patch burden for vendored versions. Pull
Request #106 by David Rodríguez
Bug fixes:
* Stop wasting a connection when the keep-alive timeout is less than the idle
timeout. Pull request #115 by Yap Sok Ann.
* Improved use of URI#hostname for IPv6 connections. Pull request #76 by
Tomas Koutsky.
* Improved check for Process::RLIMIT_NOFILE support. Pull request #109 by Vít
Ondruch.
* Fix namespace in comments for escape/unescape wrappers. Pull request #114
by David Rodríguez.
* Fix History.txt timestamp for 3.0.0 release. Pull request #107 by Joe Van
Dyk.
* Fix link to PR #98 in 3.1.0 release notes. Pull request #110 by Justin
Reid.
Other:
* Updated Net::HTTP::Persistent#reconnect documentation to indicate that all
connections are reset. Issue #117 by Taisuke Miyazaki.
Update ruby-jquery-rails to 4.4.0.
## 4.4.0
- update jquery to 3.5.1 (note: [3.5.0 contains important security updates](https://github.com/advisories/GHSA-jpcq-cgw6-v4j6))
- unescape dollar signs and backticks in `assert_select_jquery` to match
Rails updated behavior.
Update ruby-css-parser to 1.7.1.
Version 1.7.1 (2019-12-01)
Force UTF-8 encoding; do not strip out UTF-8 chars. #106
Version 1.7.0 (2019-02-11)
No longer support ruby versions 1.9 2.0 2.1
Memory allocation improvements
Update ruby-crass to 1.0.6.
1.0.6 (2020-01-12)
------------------
* Number values are now limited to a maximum of `Float::MAX` and a minimum of
negative `Float::MAX`. (#11)
* Added project metadata to the gemspec. (#9 - @orien)
1.0.5 (2019-10-15)
------------------
* Removed test files from the gem. [@t-richards - #8][8]
[8]:https://github.com/rgrove/crass/pull/8
1.0.4 (2018-04-08)
------------------
* Fixed whitespace warnings. (#7 - @yahonda)
## [1.11.5](https://github.com/go-gitea/gitea/releases/tag/v1.11.5) - 2020-05-09
* BUGFIXES
* Prevent timer leaks in Workerpool and others (#11333) (#11340)
* Fix tracked time issues (#11349) (#11354)
* Add NotifySyncPushCommits to indexer notifier (#11309) (#11338)
* Allow X in addition to x in tasks (#10979) (#11335)
* When delete tracked time through the API return 404 not 500 (#11319) (#11326)
* Prevent duplicate records in organizations list when creating a repository (#11303) (#11325)
* Manage port in submodule refurl (#11305) (#11323)
* api.Context.NotFound(...) should tolerate nil (#11288) (#11306)
* Show pull request selection even when unrelated branches (#11239) (#11283)
* Repo: milestone: make /milestone/:id endpoint accessible (#11264) (#11282)
* Fix GetContents(): Don't ignore Executables (#11192) (#11209)
* Fix submodule paths when AppSubUrl is not root (#11098) (#11176)
* Prevent clones and pushes to disabled wiki (#11131) (#11134)
* Remove errant third closing curly-bracket from account.tmpl and send account ID in account.tmpl (#11130)
* On Repo Deletion: Delete related TrackedTimes too (#11110) (#11125)
* Refresh codemirror on show pull comment tab (#11100) (#11122)
* Fix merge dialog on protected branch with missing required statuses (#11074) (#11084)
* Load pr Issue Poster on API too (#11033) (#11039)
* Fix release counter on API repository info (#10968) (#10996)
* Generate Diff and Patch direct from Pull head (#10936) (#10938)
* Fix rebase conflict detection in git 2.26 (#10929) (#10930)
* ENHANCEMENT
* Fix 404 and 500 image size in small size screen (#11043) (#11049)
* Multiple Gitea Doctor improvements (#10943) (#10990) (#10064) (#9095) (#10991)
Build with clang, but with pkgsrc libstdc++ instead of from base.
This is needed because base doesn't have the necessary C++17 STL headers.
We don't really have any infrastructure to manage this properly so
kludge it manually into the package.
Missed in 0.7.2 update, caught by bulk build.
Also add py-pygments to test dependencies, and depend on py-flask>1.0
instead of >=1.0 (per setup.cfg). The latter does not imply a dependency
change within pkgsrc, as py-flask had been >1.0 for 1+ year when this
was actually introduced at py-flask-flatpages 0.7.1.
The -O3 does not exist anymore in the Makefile, at least since 2003.
Replacing gcc with the actual compiler name is not necessary since pkgsrc
provides compiler wrappers in WRKDIR/.compiler.
Update ruby-actionpack60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* Include child session assertion count in ActionDispatch::IntegrationTest
`IntegrationTest#open_session` uses `dup` to create the new session, which
meant it had its own copy of `@assertions`. This prevented the assertions
from being correctly counted and reported.
Child sessions now have their `attr_accessor` overridden to delegate to the
root session.
Fixes #32142
*Sam Bostock*
Update ruby-actionview60 to 6.0.3.
## Rails 6.0.3 (May 06, 2020) ##
* annotated_source_code returns an empty array so TemplateErrors without a
template in the backtrace are surfaced properly by DebugExceptions.
*Guilherme Mansur*, *Kasper Timm Hansen*
* Add autoload for SyntaxErrorInTemplate so syntax errors are correctly raised by DebugExceptions.
*Guilherme Mansur*, *Gannon McGibbon*