János Rusiczki janosrusiczki Baia Mare, Romania https://www.rusiczki.net Mostly Ruby.

janosrusiczki/japr 52

Jekyll Asset Pipeline Reborn - Powerful asset pipeline for Jekyll that collects, converts and compresses JavaScript and CSS assets.

catsky/administrate-field-shrine 6

Shrine field plugin for Administrate

haiafara/haiafara-ro 2

A web application to showcase hiking, biking and running trails as well as other types of tourist attractions.

janosrusiczki/janosrusiczki 2

My blog on Jekyll.

janosrusiczki/allmet-jekyll 1

Allmet Trading site.

janosrusiczki/backbonedemo 1

Backbone.js demo application written to accompany my presentation at CodeCamp Iasi.

janosrusiczki/rails-romanian-counties-localities 1

Active Record migrations for Romanian counties and localities.

janosrusiczki/annotate_models 0

Annotate Rails classes with schema and routes info

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha 3e3fe0cbfbddd573b6a8cc5e7958f62be4c0ffad

update

push time in 5 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 127f4952518c06dcde3c99616419137e40c3b858

correct pipe character and links

push time in 5 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 95e878f5fc23037eedb8a7399753f2628ee6b667

update

János Rusiczki

commit sha 7ee2253e753c15cc6f2bdbf3952c63a3925855fa

Merge branch 'drafts' of https://github.com/janosrusiczki/janosrusiczki into drafts

push time in 5 days

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha 5565791c1eb570e6a0d8ec12c2b4db8549fc174e

update draft

push time in 6 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 1bdcc397bae4ef39f28c378d64a9e83f472956f0

update and a new article

push time in 9 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 2dc891e00f39216de98493b11d67bf8db06a4721

Update cronici-calculatoricesti-pc.markdown

push time in 9 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha b0811e6adf4254163331ef9e199cba665cccb6b5

Update cronici-calculatoricesti-pc.markdown

push time in 9 days

push event haiafara/vue-it-bigger

Deployment Bot (from Travis CI)

commit sha 353d4d819c3fe2f1f91bac2c4df70c31190e43f7

Deploy haiafara/vue-it-bigger to github.com/haiafara/vue-it-bigger.git:gh-pages

push time in 11 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 98af38ce4b6fd473a07fe19d0a7db432702cb1f1

updates

push time in 11 days

push event haiafara/vue-it-bigger

Deployment Bot (from Travis CI)

commit sha 32dcefaecc1cc6e343cf88e8214ba5080c4cd404

Deploy haiafara/vue-it-bigger to github.com/haiafara/vue-it-bigger.git:gh-pages

push time in 12 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 878f8aa6f8c526c3f34debde64b6caacf94ed19a

Update cronici-calculatoricesti-pc.markdown

push time in 12 days

push event haiafara/vue-it-bigger

Deployment Bot (from Travis CI)

commit sha 357ff404b37a4fd5f231140744a354c6e0d5e81b

Deploy haiafara/vue-it-bigger to github.com/haiafara/vue-it-bigger.git:gh-pages

push time in 17 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 50fe2fa8eaaf35d65e3e2d3a6c3128a74a2a722e

Update cronici-calculatoricesti-pc.markdown

push time in 18 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 4f9191268aa873fb7db139c95131c350a9804085

Update cronici-calculatoricesti-pc.markdown

push time in 18 days

issue comment evan-buss/openbooks

Please contact fruitloops at #ebooks

Just my luck, I download this and it doesn't work. Find out it was banned 10 hours ago... I hope you guys reach an agreement.

ricktoronto

comment created time in 18 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 01c79c6dda587638729ba1d8a9c2ba5e6e1aba54

Update cronici-calculatoricesti-limbo.markdown

push time in 24 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 664398225a3ec883374f78762df4f95ee654f3ee

Typo

push time in 24 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha 78590be8fd9d5a700570b6d558c978672aec6e59

Ghiță

push time in 24 days

push event janosrusiczki/janosrusiczki

János Rusiczki

commit sha aeb12e3108bfc1b2ed326c28f6b7600dcab68878

Update Computer Chronicles drafts

push time in 24 days

push event haiafara/vue-it-bigger

Deployment Bot (from Travis CI)

commit sha 9284992f10923cd821c5f00d7249ce3e15382443

Deploy haiafara/vue-it-bigger to github.com/haiafara/vue-it-bigger.git:gh-pages

push time in a month

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha 6dcf51d89aa95b161c575199f2c970b6c61e2c9d

Update About page

push time in a month

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha efbc559b5a291b503b2fc4d45367e9f40e67f27d

update some drafts [skip ci]

push time in a month

push event haiafara/vue-it-bigger

Deployment Bot (from Travis CI)

commit sha 4710996fcbe938437974dab6f6cd869b85e46eca

Deploy haiafara/vue-it-bigger to github.com/haiafara/vue-it-bigger.git:gh-pages

push time in a month

PR closed janosrusiczki/janosrusiczki

Add comment

Dear human,

Here's a new entry for your approval. :tada:

Merge the pull request to accept it, or close it to send it away.

:heart: Your friend Staticman :muscle:

--- redacted spam ---

+6 -0

0 comment

1 changed file

janosrusiczki-staticman[bot]

pr closed time in a month

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha 2f5d4c7213b924e73a6150fd2100f2d7420c6f69

Enable Akismet for Staticman

push time in a month

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha 2aa63a701157dc73bf46a2ab92769275d6dc2a45

Handling comments with staticman

push time in a month

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha 73ac9c6ff5c68d00623cb8fb5aa32788ccec7c27

Move staticman.yml

push time in a month

push event janosrusiczki/janosrusiczki

Janos Rusiczki

commit sha a218003fcb13f84b7997622ea2af7815128d3ba8

Staticman, the first steps

push time in a month

push event janosrusiczki/photonia

depfu[bot]

commit sha e86beb313a1a05a8505b276447d07fbdc6ae659f

Update all of rails to version 6.1.4.3

János Rusiczki

commit sha ab40a1d5dc0f6f1960597627efc1540c2df30ed4

Merge pull request #270 from janosrusiczki/depfu/update/group/rails-6.1.4.3 🚨 [security] [ruby] Update all of rails: 6.1.4.1 → 6.1.4.3 (patch)

push time in a month

PR merged janosrusiczki/photonia

🚨 [security] [ruby] Update all of rails: 6.1.4.1 → 6.1.4.3 (patch) depfu

<hr>

🚨 <b>Your current dependencies have known security vulnerabilities</b> 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible! <hr>

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rails (6.1.4.1 → 6.1.4.3) · Repo

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ actioncable (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/actioncable/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ actionmailbox (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

↗️ actionmailer (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/actionmailer/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ actionpack (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Security Advisories 🚨</summary> <h4><a href="https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ">🚨 Possible Open Redirect in Host Authorization Middleware</a></h4> <blockquote><p dir="auto">There is a possible open redirect vulnerability in the Host Authorization<br> middleware in Action Pack.</p> <p dir="auto">Specially crafted "X-Forwarded-Host" headers in combination with certain<br> "allowed host" formats can cause the Host Authorization middleware in Action<br> Pack to redirect users to a malicious website.</p> <p dir="auto">Impacted applications will have allowed hosts with a leading dot. For example,<br> configuration files that look like this:</p> <pre><code>config.hosts << '.EXAMPLE.com' </code></pre> <p dir="auto">When an allowed host contains a leading dot, a specially crafted Host header<br> can be used to redirect to a malicious website.</p> <p dir="auto">This vulnerability is similar to <a href="https://bounce.depfu.com/github.com/advisories/GHSA-8877-prq4-9xfw">CVE-2021-22881</a> and <a href="https://bounce.depfu.com/github.com/advisories/GHSA-2rqw-v265-jf8c">CVE-2021-22942</a>.</p> <h2 dir="auto">Releases</h2> <p dir="auto">The fixed releases are available at the normal locations.</p> <h2 dir="auto">Patches</h2> <p dir="auto">To aid users who aren't able to upgrade immediately we have provided patches for<br> the two supported release series. They are in git-am format and consist of a<br> single changeset.</p> <ul dir="auto"> <li>6-0-host-authorzation-open-redirect.patch - Patch for 6.0 series</li> <li>6-1-host-authorzation-open-redirect.patch - Patch for 6.1 series</li> <li>7-0-host-authorzation-open-redirect.patch - Patch for 7.0 series</li> </ul> <p dir="auto">Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at<br> present. 
Users of earlier unsupported releases are advised to upgrade as soon<br> as possible as we cannot guarantee the continued availability of security<br> fixes for unsupported releases.</p></blockquote> </details>

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>Fix X_FORWARDED_HOST protection. [<a href="https://bounce.depfu.com/github.com/advisories/GHSA-qphc-hf5q-v8fc">CVE-2021-44528</a>]</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/actionpack/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ actiontext (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/actiontext/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ actionview (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/actionview/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ activejob (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/activejob/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ activemodel (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/activemodel/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ activerecord (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/activerecord/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ activestorage (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/activestorage/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ activesupport (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/activesupport/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ globalid (indirect, 0.5.2 → 1.0.0) · Repo · Changelog

<details> <summary>Release Notes</summary> <h4><a href="https://github.com/rails/globalid/releases/tag/v1.0.0">1.0.0</a></h4>

<blockquote><p dir="auto">Stable API release.</p> <p dir="auto"><em>The code is the same as the 0.6.0 release.</em></p></blockquote> <h4><a href="https://github.com/rails/globalid/releases/tag/v0.6.0">0.6.0</a></h4>

<blockquote><ul dir="auto"> <li>Add <code>ActiveRecord::FixtureSet.signed_global_id</code> helper to generate signed ids inside fixtures.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/globalid/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/globalid/compare/0ed21fb86ed2ad5fc6c78b10d799155558bf55b7...42f5ea6b4c638024c8865c1e4a4dbeb991198557">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ i18n (indirect, 1.8.10 → 1.8.11) · Repo · Changelog

<details> <summary>Release Notes</summary> <h4><a href="https://github.com/ruby-i18n/i18n/releases/tag/v1.8.11">1.8.11</a></h4>

<blockquote><h2>What's Changed</h2> <ul> <li>Fix typo in documentation by <a href="https://bounce.depfu.com/github.com/rkh">@rkh</a> in <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/pull/565">#565</a> </li> <li>Improve available locale check in Simple backend by <a href="https://bounce.depfu.com/github.com/codealchemy">@codealchemy</a> in <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/pull/566">#566</a> </li> <li>Fix typo in Simple backend JSON test by <a href="https://bounce.depfu.com/github.com/codealchemy">@codealchemy</a> in <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/pull/572">#572</a> </li> <li>Fix a build error when using Psych 4.0 by <a href="https://bounce.depfu.com/github.com/koic">@koic</a> in <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/pull/569">#569</a> </li> </ul> <h2>New Contributors</h2> <ul> <li> <a href="https://bounce.depfu.com/github.com/rkh">@rkh</a> made their first contribution in <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/pull/565">#565</a> </li> <li> <a href="https://bounce.depfu.com/github.com/codealchemy">@codealchemy</a> made their first contribution in <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/pull/566">#566</a> </li> <li> <a href="https://bounce.depfu.com/github.com/koic">@koic</a> made their first contribution in <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/pull/569">#569</a> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://bounce.depfu.com/github.com/ruby-i18n/i18n/compare/v1.8.10...v1.8.11"><tt>v1.8.10...v1.8.11</tt></a></p></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/i18n/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/ruby-i18n/i18n/compare/0888807ab2fe4f4c8a4b780f5654a8175df61feb...cb4a4be9a13ae03b7b6d0678a3ad00dd790ee240">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ loofah (indirect, 2.12.0 → 2.13.0) · Repo · Changelog

<details> <summary>Release Notes</summary> <h4><a href="https://github.com/flavorjones/loofah/releases/tag/v2.13.0">2.13.0</a></h4>

<blockquote><h2 dir="auto">2.13.0 / 2021-12-10</h2> <h3 dir="auto">Bug fixes</h3> <ul dir="auto"> <li>Loofah::HTML::DocumentFragment#text no longer serializes top-level comment children. [<a href="https://bounce.depfu.com/github.com/flavorjones/loofah/issues/221">#221</a>]</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/loofah/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/flavorjones/loofah/compare/08cc49f43073ce71b2eab4e00f95e62dd0150fdd...e595467bfe88c8a5b45d557a8e943bfb27bc2c1c">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ marcel (indirect, 1.0.1 → 1.0.2) · Repo

<details> <summary>Release Notes</summary> <h4><a href="https://github.com/rails/marcel/releases/tag/v1.0.2">1.0.2</a></h4>

<blockquote><ul> <li>Include Apache license in gem release. (<a href="https://bounce.depfu.com/github.com/rails/marcel/commit/a525d5b38f287ca0511c8eb26e657a1d46686e5f"><tt>a525d5b</tt></a>)</li> <li>Prefer <code>audio/x-wav</code> for WAV audio files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/45">#45</a>)</li> <li>Prefer <code>application/x-x509-ca-cert</code> for Privacy-Enhanced Mail certificates. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/46">#46</a>)</li> <li>Prefer <code>audio/flac</code> for FLAC audio files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/47">#47</a>)</li> <li>Prefer <code>audio/aac</code> for Advanced Audio Coding audio files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/49">#49</a>)</li> <li>Prefer <code>application/vnd.ms-access</code> for Microsoft Access DB files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/50">#50</a>)</li> <li>Support <code>text/x-scss</code> and <code>text/x-sass</code> stylesheets. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/52">#52</a>)</li> <li>Support encrypted Microsoft Access DB files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/53">#53</a>)</li> <li>Prefer <code>application/x-ole-storage</code> for Microsoft Office files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/54">#54</a>)</li> <li>Prefer <code>text/markdown</code> for Markdown files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/55">#55</a>)</li> <li>Prefer <code>audio/mpc</code> for Musepack audio files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/56">#56</a>)</li> <li>Support <code>audio/webm</code> audio files. (<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/58">#58</a>)</li> <li>Support <code>image/avif</code> image files.
(<a href="https://bounce.depfu.com/github.com/rails/marcel/pull/63">#63</a>)</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/marcel/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/marcel/compare/949e9d6890d0ed52b75962280634670d102aa8dd...fc69a19d17de4fedca354b2404b04834b16eacd8">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ mini_mime (indirect, 1.1.0 → 1.1.2) · Repo · Changelog

<details> <summary>Commits</summary> <p><a href="https://github.com/discourse/mini_mime/compare/33c00743f59619641b768655b2ba769c825838cd...2ca79cb0f82cea337ec5f463207519650e9ca3cc">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ nokogiri (indirect, 1.12.4 → 1.12.5) · Repo · Changelog

<details> <summary>Security Advisories 🚨</summary> <h4><a href="https://bounce.depfu.com/github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h">🚨 Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby</a></h4> <blockquote><h3>Severity</h3> <p>The Nokogiri maintainers have evaluated this as <a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C/MAV:N/MAC:L"><strong>High Severity</strong> 7.5 (CVSS3.0)</a> for JRuby users. (This security advisory does not apply to CRuby users.)</p> <h3>Impact</h3> <p>In Nokogiri v1.12.4 and earlier, <strong>on JRuby only</strong>, the SAX parser resolves external entities by default.</p> <p>Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected:</p> <ul> <li>Nokogiri::XML::SAX::Parser</li> <li>Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser</li> <li>Nokogiri::XML::SAX::PushParser</li> <li>Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser</li> </ul> <h3>Mitigation</h3> <p>JRuby users should upgrade to Nokogiri v1.12.5 or later. There are no workarounds available for v1.12.4 or earlier.</p> <p>CRuby users are not affected.</p></blockquote> </details>

<details> <summary>Release Notes</summary> <h4><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.12.5">1.12.5</a></h4>

<blockquote><h2>1.12.5 / 2021-09-27</h2> <h3>Security</h3> <p>[JRuby] Address <a href="https://bounce.depfu.com/github.com/advisories/GHSA-2rr5-8q37-2w7h">CVE-2021-41098</a> (<a href="https://bounce.depfu.com/github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h">GHSA-2rr5-8q37-2w7h</a>).</p> <p>In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.</p> <p>CRuby users are not affected by this CVE.</p> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Document#to_xhtml</code> properly serializes self-closing tags in libxml &gt; 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and end tags (e.g., <code>&lt;br&gt;&lt;/br&gt;</code>) instead of a self-closing tag (e.g., <code>&lt;br/&gt;</code>) in previous Nokogiri versions. [<a href="https://bounce.depfu.com/github.com/sparklemotion/nokogiri/issues/2324">#2324</a>]</li> </ul> <hr> <p>SHA256 checksums:</p></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/nokogiri/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/sparklemotion/nokogiri/compare/564ac1787303332e0b2b92311ff6f1b30a893eae...47f6a461fdc3e375b30522259e48569fb578dece">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ racc (indirect, 1.5.2 → 1.6.0) · Repo · Changelog

<details> <summary>Commits</summary> <p><a href="https://github.com/ruby/racc/compare/ce0d7b9cdeef976c3c5cca0638e5817c0db8bc9f...0c5fe2637c0cf1ca9ebf0e1d027142525a9c6fb6">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ railties (indirect, 6.1.4.1 → 6.1.4.3) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>6.1.4.2 (from changelog)</h4> <blockquote><ul dir="auto"> <li>No changes.</li> </ul></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/railties/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/rails/compare/90357af08048ef5076730505f6e7b14a81f33d0c...ac2e12a0fd1ff17de5021d4150df7feb864fc83d">See the full diff on Github</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ sprockets-rails (indirect, 3.2.2 → 3.4.2) · Repo · Changelog

<details> <summary>Release Notes</summary> <h4><a href="https://github.com/rails/sprockets-rails/releases/tag/v3.4.2">3.4.2</a></h4>

<blockquote><h2 dir="auto">What's Changed</h2> <ul dir="auto"> <li>Fix protocol relative URLs amended accidentally by <a href="https://bounce.depfu.com/github.com/PikachuEXE">@PikachuEXE</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/485">#485</a> </li> <li>Add <code>assets.resolve_assets_in_css_urls</code> configuration option to allow disabling <code>AssetUrlProcessor</code> by <a href="https://bounce.depfu.com/github.com/rmacklin">@rmacklin</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/489">#489</a> </li> </ul> <h2 dir="auto">New Contributors</h2> <ul dir="auto"> <li> <a href="https://bounce.depfu.com/github.com/PikachuEXE">@PikachuEXE</a> made their first contribution in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/485">#485</a> </li> <li> <a href="https://bounce.depfu.com/github.com/rmacklin">@rmacklin</a> made their first contribution in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/489">#489</a> </li> </ul> <p dir="auto"><strong>Full Changelog</strong>: <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/compare/v3.4.1...v3.4.2"><tt>v3.4.1...v3.4.2</tt></a></p></blockquote> <h4><a href="https://github.com/rails/sprockets-rails/releases/tag/v3.4.1">3.4.1</a></h4>

<blockquote><h2 dir="auto">What's Changed</h2> <ul dir="auto"> <li>expose dependencies from AssetUrlProcessor by <a href="https://bounce.depfu.com/github.com/zarqman">@zarqman</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/480">#480</a> </li> <li>Fix issues with relative paths from AssetUrlProcessor by <a href="https://bounce.depfu.com/github.com/jcoyne">@jcoyne</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/482">#482</a> </li> <li>Fix sourcemapping url replacement by <a href="https://bounce.depfu.com/github.com/dhh">@dhh</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/484">#484</a> </li> </ul> <p dir="auto"><strong>Full Changelog</strong>: <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/compare/v3.4.0...v3.4.1"><tt>v3.4.0...v3.4.1</tt></a></p></blockquote> <h4><a href="https://github.com/rails/sprockets-rails/releases/tag/v3.4.0">3.4.0</a></h4>

<blockquote><h2 dir="auto">What's Changed</h2> <ul dir="auto"> <li>Ensure source mapping URLs set by transpilers are not broken by appending a semicolon to their path and translate the paths to the digested versions for deployment by <a href="https://bounce.depfu.com/github.com/dhh">@dhh</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/479">#479</a> </li> </ul> <p dir="auto">This makes <code>sprockets-rails</code> compatible out of the box with sourcemap generation from <code>jsbundling-rails</code>.</p></blockquote> <h4><a href="https://github.com/rails/sprockets-rails/releases/tag/v3.3.0">3.3.0</a></h4>

<blockquote><h2 dir="auto">What's Changed</h2> <ul dir="auto"> <li>Process css files so that they get digested paths for asset files by <a href="https://bounce.depfu.com/github.com/jcoyne">@jcoyne</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/476">#476</a>. This allows you to use sprockets-rails together with <a href="https://bounce.depfu.com/github.com/rails/cssbundling-rails/">cssbundling-rails</a> and be able to reference assets in the asset pipeline without additional compilation.</li> <li>Raise the error that includes an error message by <a href="https://bounce.depfu.com/github.com/ghiculescu">@ghiculescu</a> in <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/pull/472">#472</a> </li> </ul> <p dir="auto"><strong>Full Changelog</strong>: <a href="https://bounce.depfu.com/github.com/rails/sprockets-rails/compare/v3.2.2...v3.3.0"><tt>v3.2.2...v3.3.0</tt></a></p></blockquote> <p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/sprockets-rails/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/rails/sprockets-rails/compare/1bf94e2a90e0bb315511249db6e080088523a747...582e284bab79ea0663addf6b15f80b19835af351">See the full diff on GitHub</a>. The new version differs by more commits than we can show here.</p> </details>

↗️ zeitwerk (indirect, 2.4.2 → 2.5.1) · Repo · Changelog

<details> <summary>Release Notes</summary>

<h4>2.5.1 (from changelog)</h4> <blockquote><ul> <li>Restores support for namespaces that are not hashable. For example namespaces that override the <code>hash</code> method with a different arity as shown in <a href="https://bounce.depfu.com/github.com/fxn/zeitwerk/issues/188">#188</a>.</li> </ul></blockquote>

<h4>2.5.0 (from changelog)</h4>
<blockquote>
<h3> <a href="#breaking-changes"></a>Breaking changes</h3>
<ul>
<li> <p>Requires Ruby 2.5.</p> </li>
<li> <p>Deletes the long time deprecated preload API. Instead of:</p>
<div><pre>loader.preload("app/models/user.rb")</pre></div>
<p>just reference the constant on setup:</p>
<div><pre>loader.on_setup { User }</pre></div>
<p>If you want to eager load a namespace, use the constants API:</p>
<div><pre>loader.on_setup do
  Admin.constants(false).each { |cname| Admin.const_get(cname) }
end</pre></div> </li>
</ul>
<h3> <a href="#bug-fixes"></a>Bug fixes</h3>
<ul>
<li> <p>Fixes a bug in which a certain valid combination of overlapping trees managed by different loaders and ignored directories was mistakenly reported as having conflicting directories.</p> </li>
<li> <p>Detects external namespaces defined with <code>Module#autoload</code>. If your project reopens a 3rd party namespace, Zeitwerk already detected it and did not consider the namespace to be managed by the loader (automatically descends, ignored for reloads, etc.). However, the loader did not do that if the namespace had only an autoload in the 3rd party code yet to be executed. Now it does.</p> </li>
</ul>
<h3> <a href="#callbacks"></a>Callbacks</h3>
<ul>
<li> <p>Implements <code>Zeitwerk::Loader#on_setup</code>, which allows you to configure blocks of code to be executed on setup and on each reload. When the callback is fired, the loader is ready, you can refer to project constants in the block.</p>
<p>See the <a href="https://bounce.depfu.com/github.com/fxn/zeitwerk#the-on_setup-callback">documentation</a> for further details.</p> </li>
<li> <p>There is a new catch-all <code>Zeitwerk::Loader#on_load</code> that takes no argument and is triggered for all loaded objects:</p>
<div><pre>loader.on_load do |cpath, value, abspath|
  # ...
end</pre></div>
<p>Please, remember that if you want to trace the activity of a loader, <code>Zeitwerk::Loader#log!</code> logs plenty of information.</p>
<p>See the <a href="https://bounce.depfu.com/github.com/fxn/zeitwerk#the-on_load-callback">documentation</a> for further details.</p> </li>
<li> <p>The block of the existing <code>Zeitwerk::Loader#on_load</code> receives also the value stored in the constant, and the absolute path to its corresponding file or directory:</p>
<div><pre>loader.on_load("Service::NotificationsGateway") do |klass, abspath|
  # ...
end</pre></div>
<p>Remember that blocks can be defined to take less arguments than passed. So this change is backwards compatible. If you had</p>
<div><pre>loader.on_load("Service::NotificationsGateway") do
  Service::NotificationsGateway.endpoint = ...
end</pre></div>
<p>That works.</p> </li>
<li> <p>Implements <code>Zeitwerk::Loader#on_unload</code>, which allows you to configure blocks of code to be executed before a certain class or module gets unloaded:</p>
<div><pre>loader.on_unload("Country") do |klass, _abspath|
  klass.clear_cache
end</pre></div>
<p>These callbacks are invoked during unloading, which happens in an unspecified order. Therefore, they should not refer to reloadable constants.</p>
<p>You can also be called for all unloaded objects:</p>
<div><pre>loader.on_unload do |cpath, value, abspath|
  # ...
end</pre></div>
<p>Please, remember that if you want to trace the activity of a loader, <code>Zeitwerk::Loader#log!</code> logs plenty of information.</p>
<p>See the <a href="https://bounce.depfu.com/github.com/fxn/zeitwerk/blob/master/README.md#the-on_unload-callback">documentation</a> for further details.</p> </li>
</ul>
<h3> <a href="#assorted"></a>Assorted</h3>
<ul>
<li> <p>Performance improvements.</p> </li>
<li> <p>Documentation improvements.</p> </li>
<li> <p>The method <code>Zeitwerk::Loader#eager_load</code> accepts a <code>force</code> flag:</p>
<div><pre>loader.eager_load(force: true)</pre></div>
<p>If passed, eager load exclusions configured with <code>do_not_eager_load</code> are not honoured (but ignored files and directories are).</p>
<p>This may be handy for test suites that eager load in order to ensure all files define the expected constant.</p> </li>
<li> <p>Eliminates internal use of <code>File.realpath</code>. One visible consequence is that in logs root dirs are shown as configured if they contain symlinks.</p> </li>
<li> <p>When an autoloaded file does not define the expected constant, Ruby clears state differently starting with Ruby 3.1. Unloading has been revised to be compatible with both behaviours.</p> </li>
<li> <p>Logging prints a few new traces.</p> </li>
</ul>
</blockquote>
<p><em>Does any of this look wrong? <a href="https://depfu.com/packages/rubygem/zeitwerk/feedback">Please let us know.</a></em></p> </details>

<details> <summary>Commits</summary> <p><a href="https://github.com/fxn/zeitwerk/compare/2a3d73ba81e1b671fa943f63a36e35586da30ce2...14274f498d6994a6ee7094c487a45a084dde852f">See the full diff on GitHub</a>. The new version differs by more commits than we can show here.</p> </details>


Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

<details><summary>All Depfu comment commands</summary> <blockquote><dl> <dt>@depfu rebase</dt><dd>Rebases against your default branch and redoes this update</dd> <dt>@depfu recreate</dt><dd>Recreates this PR, overwriting any edits that you've made to it</dd> <dt>@depfu merge</dt><dd>Merges this PR once your tests are passing and conflicts are resolved</dd> <dt>@depfu close</dt><dd>Closes this PR and deletes the branch</dd> <dt>@depfu reopen</dt><dd>Restores the branch and reopens this PR (if it's closed)</dd> <dt>@depfu pause</dt><dd>Ignores all future updates for this dependency and closes this PR</dd> <dt>@depfu pause [minor|major]</dt><dd>Ignores all future minor/major updates for this dependency and closes this PR</dd> <dt>@depfu resume</dt><dd>Future versions of this dependency will create PRs again (leaves this PR as is)</dd> </dl></blockquote> </details>

+67 -67

0 comment

1 changed file

depfu[bot]

pr closed time in a month
