Skip to content

dep: bump bootsnap from 1.15.0 to 1.16.0

George Koltsov requested to merge dependabot-bundler-bootsnap-1.16.0 into main

Bumps bootsnap from 1.15.0 to 1.16.0.

Changelog

Sourced from bootsnap's changelog.

1.16.0

  • Use RbConfig::CONFIG["rubylibdir"] instead of RbConfig::CONFIG["libdir"] to check for stdlib files. See #431.
  • Fix the cached version of YAML.load_file being slightly more permissive than the default Psych one. See #434. Date and Time values are now properly rejected, as well as aliases. If this causes a regression in your application, it is recommended to load trusted YAML files with YAML.unsafe_load_file.
Commits
  • 88548cc Release 1.16.0
  • a00bce2 Merge pull request #435 from Shopify/stricter-yaml-load-file
  • 566dd18 Fix the YAML.load_file decorator to be as strict as regular YAML.load_file
  • a79a163 Merge pull request #433 from simi/patch-1
  • f0df353 Update README.md
  • 72202aa Use RbConfig::CONFIG["rubylibdir"] to check for stdlib files
  • b6107b8 Merge pull request #430 from adamzapasnik/adamzapasnik-patch-1
  • 0a1990e Fix a typo
  • See full diff in compare view

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • @dependabot-bot rebase will rebase this MR
  • @dependabot-bot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports