Bump rails from 5.2.3 to 5.2.4.1 (!1087) · Merge requests · David Rodríguez / nipanipa

NipaNipa requested to merge dependabot/bundler/rails-5.2.4.1 into master Dec 19, 2019

Bumps rails from 5.2.3 to 5.2.4.1.

Release notes

5.2.4.1

Active Support

No changes.

Active Model

No changes.

Active Record

No changes.

Action View

No changes.

Action Pack

Fix possible information leak / session hijacking vulnerability.

The ActionDispatch::Session::MemcacheStore is still vulnerable given it requires the gem dalli to be updated as well.

CVE-2019-16782.

Active Job

No changes.

Action Mailer

No changes.

Action Cable
... (truncated)

Commits

ac30e38 Preparing for 5.2.4.1 release
2a52a38 Fix possible information leak / session hijacking vulnerability.
8bec77c Preparing for 5.2.4 release
9e2a341 Preparing for 5.2.4.rc1 release
c192bc3 Work with old versions of sidekiq
21cdceb Support Ruby 2.2
0e54ed1 Make the tests pass in versions of ruby that don't support sprockets 4
c11581e Use rails() instead of system()
606cd4f Sprockets uses debug. not self. now
f3993f9 Link .js from manifest.js in assets_test
Additional commits viewable in compare view

Bump rails from 5.2.3 to 5.2.4.1

5.2.4.1

Active Support

Active Model

Active Record

Action View

Action Pack

Active Job

Action Mailer

Action Cable

Merge request reports