Bump rails from 7.0.4.2 to 7.0.4.3 (!2028) · Merge requests · multiple-projects / imported-project-fe3943d781f2a90b · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

George Koltsov requested to merge dependabot-bundler-rails-7.0.4.3 into main Mar 13, 2023

Bumps rails from 7.0.4.2 to 7.0.4.3.

Release notes

Sourced from rails's releases.

v7.0.4.3

Active Support

Implement SafeBuffer#bytesplice

[CVE-2023-28120]

Active Model

No changes.

Active Record

No changes.

Action View

Ignore certain data-* attributes in rails-ujs when element is contenteditable

[CVE-2023-23913]

Action Pack

No changes.

Active Job

No changes.

Action Mailer

No changes.

Action Cable

... (truncated)

Commits

c15ee6e Preparing for 7.0.4.3 release
73009ea Ignore certain data-* attributes in rails-ujs when element is contenteditable
3468503 Implement SafeBuffer#bytesplice
See full diff in compare view

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

@dependabot-bot rebase will rebase this MR
@dependabot-bot recreate will recreate this MR rewriting all the manual changes and resolving conflicts