Update russian_central_bank: 0.2.1 → 1.1.3 (major)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ russian_central_bank (0.2.1 → 1.1.3) · Repo

Commits

See the full diff on Github. The new version differs by 2 commits:

• Update money dependency to >= 6.13.5 (#22)
• Fix undefined method index for #<Money::RatesStore::Memory:xxx> after updating money gem to 6.13.6 (#19)

↗️ builder (indirect, 3.2.3 → 3.2.4) · Repo · Changelog

↗️ i18n (indirect, 0.7.0 → 0.9.5) · Repo · Changelog

Release Notes

0.9.5

• #404 reported a regression in 0.9.3, which wasn't fixed by 0.9.4. #408 fixes this issue.

Thanks @wjordan!

0.9.4

• Fixed a regression with chained backends introduced in v0.9.3 (#402) - #405 - bug report / #407 - PR to fix
• Optimize Backend::Simple#available_locales - reports are that this is now 4x faster than previously - #406

0.9.3

(For those wondering where v0.9.2 went: I got busy after I pushed the commit for the release, so there was no gem release that day. I am not busy today, so here is v0.9.3 in its stead. This changelog contains changes from v0.9.1 -> v0.9.3)

• I18n no longer stores translations for unavailable locales. #391.
• Added the ability to interpolate with arrays #395.
• Documentation for lambda has been corrected. #396
• I18n will use oj -- a faster JSON library -- but only if it is available. #398
• Fixed an issue with translate and default: [false] as an option. #399
• Fixed an issue with translate with nil and empty keys. #400
• Fix issue with disabled subtrees and pluralization for KeyValue backend #402

Thank you to @stereobooster, @fatkodima and @lulalala for the patches that went towards this release. We appreciate your efforts!

0.9.1

• Reverted Hash#slice behaviour introduced with #250 - See #390.
• Fixed a regression caused by #387, where translations may have returned a not-helpful error message - See #389

0.9.0

• Made Backend::Memoize threadsafe. See #51 and #352.
• Added a middleware I18n::Middleware that should be used to ensure that i18n config is reset correctly between requests. See #381 and #382.

0.8.6

Fixed a small regression introduced in v0.8.5 when using fallbacks - See #378

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ money (indirect, 6.5.0 → 6.13.7) · Repo · Changelog

Release Notes

6.13.7 (from changelog)

• Improve deprecation warnings for the upcoming major release

6.13.6 (from changelog)

• Fix a regression introduced in 6.13.5 that broken RatesStore::Memory subclasses

6.13.5 (from changelog)

• Raise warning on using Money.default_currency
• Raise warning on using default Money.rounding_mode
• Add Second Ouguiya MRU 929 to currency iso file
• Add symbol for UZS
• Use monitor for recursive mutual exclusion in RatesStore::Memory
• Allow passing store as a string to Money::Bank::VariableExchange (to support Rails 6)

6.13.4 (from changelog)

• Update currency config for Zambian Kwacha (ZMW)
• Do not modify options passed to FormattingRules

6.13.3 (from changelog)

• Remove specs from the packaged gem
• Use Currency::Loader directly without extending
• Add Money.with_rounding_mode as a replacement for calling Money.roudning_mode with a block
• Fix currency search for two digit ISO numbers
• Add description to TypeError raised by +/- operations

6.13.2 (from changelog)

• Prevent Money initialization with non-finite amounts
• Convert the fractional value of a Money object to BigDecimal when initializing
• Offer replacements for currency position deprecations
• Fix Peruvian Sol symbol
• Lock i18n to <= 1.2.0 for older (< 2.3) rubies
• Prevent Divide By Zero in Money#allocate

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.10.1 → 1.10.7) · Repo · Changelog

Release Notes

1.10.7

1.10.7 / 2019-12-03

Bug

• [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]

1.10.6

1.10.6 / 2019-12-03

Bug

• [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5

1.10.5 / 2019-10-31

Dependencies

• [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
• [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is #1915

1.10.3

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

1.10.2

1.10.2 / 2019-03-24

Security

• [MRI] Remove support from vendored libxml2 for future script macros. [#1871]
• [MRI] Remove support from vendored libxml2 for server-side includes within attributes. [#1877]

Bug fixes

• [JRuby] Fix node ownership in duplicated documents. [#1060]
• [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack (indirect, 1.6.11 → 1.6.12) · Repo · Changelog

Release Notes

1.6.12 (from changelog)

• [CVE-2019-16782] Prevent timing attacks targeted at session ID lookup. (@tenderlove, @rafaelfranca)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 19 commits:

• Merge branch '1-6-sec' into 1-6-stable
• Bump version
• making diff smaller
• fix memcache tests on 1.6
• fix tests on 1.6
• Introduce a new base class to avoid breaking when upgrading
• Add a version prefix to the private id to make easier to migrate old values
• Fallback to the public id when reading the session in the pool adapter
• Also drop the session with the public id when destroying sessions
• Fallback to the legacy id when the new id is not found
• Add the private id
• revert conditionals to master
• remove NullSession
• remove || raise and get closer to master
• store hashed id, send public id
• use session id objects
• remove more nils
• try to ensure we always have some kind of object
• Fix assertion on bacon

🗑️ akami (removed)

🗑️ gyoku (removed)

🗑️ httpi (removed)

🗑️ nori (removed)

🗑️ rubyntlm (removed)

🗑️ savon (removed)

🗑️ wasabi (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)