dependabot[bot]
ed5e862aa3
Bump rouge from 4.4.0 to 4.5.0 in the all-gems group across 1 directory ( #5316 )
...
Bumps the all-gems group with 1 update in the / directory: [rouge](https://github.com/rouge-ruby/rouge ).
Updates `rouge` from 4.4.0 to 4.5.0
- [Release notes](https://github.com/rouge-ruby/rouge/releases )
- [Changelog](https://github.com/rouge-ruby/rouge/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rouge-ruby/rouge/compare/v4.4.0...v4.5.0 )
---
updated-dependencies:
- dependency-name: rouge
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: all-gems
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-14 15:14:44 +01:00
Andreas Dangel
3ed370f61d
Bump gems and bundler ( #5301 )
...
- Bump bundler from 2.5.3 to 2.5.22
- Bump activesupport from 7.2.1 to 7.2.2
- Bump execjs from 2.9.1 to 2.10.0
- Bump faraday from 2.11.0 to 2.12.0
- Bump i18n from 1.14.5 to 1.14.6
- Bump json from 2.7.2 to 2.7.5
- Bump logger from 1.6.0 to 1.6.1
- Bump rexml from 3.3.6/3.3.8 to 3.3.9
- Bump rufus-scheduler from 3.9.2 to 3.9.2
- Fixes https://github.com/pmd/pmd/security/dependabot/69
- Fixes https://github.com/pmd/pmd/security/dependabot/70
2024-10-31 15:07:25 +01:00
dependabot[bot]
7df70ea7c1
Bump danger from 9.5.0 to 9.5.1 in the all-gems group across 1 directory
...
Bumps the all-gems group with 1 update in the / directory: [danger](https://github.com/danger/danger ).
Updates `danger` from 9.5.0 to 9.5.1
- [Release notes](https://github.com/danger/danger/releases )
- [Changelog](https://github.com/danger/danger/blob/master/CHANGELOG.md )
- [Commits](https://github.com/danger/danger/compare/v9.5.0...v9.5.1 )
---
updated-dependencies:
- dependency-name: danger
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-gems
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-10-21 03:18:38 +00:00
dependabot[bot]
b03a46fa8c
Bump rouge from 4.3.0 to 4.4.0 in the all-gems group across 1 directory ( #5226 )
...
Bumps the all-gems group with 1 update in the / directory: [rouge](https://github.com/rouge-ruby/rouge ).
Updates `rouge` from 4.3.0 to 4.4.0
- [Release notes](https://github.com/rouge-ruby/rouge/releases )
- [Changelog](https://github.com/rouge-ruby/rouge/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rouge-ruby/rouge/compare/v4.3.0...v4.4.0 )
---
updated-dependencies:
- dependency-name: rouge
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: all-gems
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-26 12:08:39 +02:00
Andreas Dangel
cd33eb621e
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/64
Fixes CVE-2024-43380
Fixes https://github.com/advisories/GHSA-2m96-52r3-2f3g
Fixes https://github.com/pmd/pmd/security/dependabot/65
Fixes https://github.com/pmd/pmd/security/dependabot/66
Fixes CVE-2024-43398
Fixes https://github.com/advisories/GHSA-vmwr-mc7x-5vc3
2024-08-27 19:16:38 +02:00
dependabot[bot]
c5de5d67a0
Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory
...
Bumps the all-gems group with 1 update in the / directory: [danger](https://github.com/danger/danger ).
Updates `danger` from 9.4.3 to 9.5.0
- [Release notes](https://github.com/danger/danger/releases )
- [Changelog](https://github.com/danger/danger/blob/master/CHANGELOG.md )
- [Commits](https://github.com/danger/danger/commits )
---
updated-dependencies:
- dependency-name: danger
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all-gems
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-05 03:57:58 +00:00
Andreas Dangel
607684c6cb
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/58
Fixes https://github.com/pmd/pmd/security/dependabot/59
Fixes CVE-2024-39908
Fixes https://github.com/advisories/GHSA-4xqq-m2hx-25v8
2024-07-23 19:36:53 +02:00
Andreas Dangel
ec30fe1b01
Update gems
...
- Bump nokogiri from 1.16.2 to 1.16.5
- Bump rexml from 3.2.6 to 3.2.8
Fixes https://github.com/pmd/pmd/security/dependabot/52
Fixes https://github.com/pmd/pmd/security/dependabot/53
Fixes https://github.com/advisories/GHSA-r95h-9x8f-r3f7
Fixes https://github.com/pmd/pmd/security/dependabot/56
Fixes https://github.com/pmd/pmd/security/dependabot/57
Fixes https://github.com/advisories/GHSA-vg3r-rm7w-2xgh
Fixes CVE-2024-35176
2024-05-23 08:43:31 +02:00
Andreas Dangel
2dc91b3de5
Update gems
...
Add bigdecimal and csv module, to be ruby 3.4 ready
2024-03-12 19:33:10 +01:00
Andreas Dangel
aa6851e2d2
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/49
Fixes https://github.com/pmd/pmd/security/dependabot/50
2024-02-15 20:31:17 +01:00
Andreas Dangel
a558fd17eb
[ci] Use bundler 2.4.22, which is still compatible with ruby 2.7
2023-12-16 13:03:32 +01:00
Andreas Dangel
1c8c5cf434
Bump pmdtester from 1.5.4 to 1.5.5
2023-11-16 10:27:54 +01:00
Andreas Dangel
94d374acaa
Update gems
...
* Bump commonmarker from 0.23.9 to 0.23.10
** Fixes https://github.com/pmd/pmd/security/dependabot/43
** Fixes https://github.com/advisories/GHSA-7vh7-fw88-wj87
* Bump activesupport from 7.0.5 to 7.0.8
** Fixes https://github.com/pmd/pmd/security/dependabot/45
** Fixes CVE-2023-38037
** Fixes https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
* Bump addressable from 2.8.4 to 2.8.5
* Bump danger from 9.2.0 to 9.3.2
* Bump execjs from 2.8.1 to 2.9.1
* Bump faraday from 2.7.5 to 2.7.11
* Bump ffi from 1.15.5 to 1.16.2
* Bump i18n from 1.13.0 to 1.14.1
* Bump mini_portile2 from 2.8.2 to 2.8.4
* Bump minitest from 5.18.0 to 5.20.0
* Bump nokogiri from 1.15.2 to 1.15.4
* Bump octokit from 5.6.1 to 6.1.1
* Bump public_suffix from 5.0.1 to 5.0.3
* Bump racc from 1.6.2 to 1.7.1
* Bump rexml from 3.2.5 to 3.2.6
* Bump rouge from 4.1.1 to 4.1.3
* Bump rufus-schedule from 3.8.2 to 3.9.1
2023-09-28 12:17:26 +02:00
Andreas Dangel
f147c76577
Update gems - use pmdtester 1.5.4
2023-05-28 09:04:46 +02:00
Andreas Dangel
ae766de203
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/38
Fixes https://github.com/pmd/pmd/security/dependabot/39
Fixes https://github.com/pmd/pmd/security/dependabot/40
2023-04-28 10:28:17 +02:00
Andreas Dangel
11e2a8687e
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/37
Fixes CVE-2023-28120
Fixes https://github.com/advisories/GHSA-pj73-v5mw-pm9j
2023-03-17 10:40:15 +01:00
Andreas Dangel
c3b1317a77
Update gems
2023-02-02 09:37:17 +01:00
Andreas Dangel
9d92528587
Update bundler
2023-01-25 08:56:17 +01:00
Andreas Dangel
6b2f1be14e
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/35
Fixes CVE-2023-22796
Fixes https://github.com/advisories/GHSA-j6gc-792m-qgm2
Fixes https://github.com/pmd/pmd/security/dependabot/36
Fixes https://github.com/advisories/GHSA-636f-xm5j-pj9m
2023-01-25 08:48:34 +01:00
Andreas Dangel
89b947bec5
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/34
Fixes CVE-2022-46648
Fixes https://github.com/advisories/GHSA-pfpr-3463-c6jh
2023-01-10 12:21:27 +01:00
Andreas Dangel
9f5bd42d43
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/31
Fixes CVE-2022-23476
Fixes https://github.com/advisories/GHSA-qv4q-mr5r-qprj
2022-12-08 11:41:02 +01:00
Andreas Dangel
edcfe21131
Update pmdtester and other gems
2022-11-25 15:15:10 +01:00
Andreas Dangel
f54ca8b364
Update gems
2022-10-20 15:53:51 +02:00
Andreas Dangel
241e1e140a
Bump pmdtester from 1.5.1 to 1.5.2
2022-10-20 15:53:32 +02:00
Andreas Dangel
0dcff72455
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/26
Fixes https://github.com/advisories/GHSA-4qw4-jpp4-8gvp
2022-09-24 17:52:56 +02:00
Andreas Dangel
4308aafe92
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/22
TZInfo relative path traversal vulnerability allows loading of arbitrary files
CVE-2022-31163
https://github.com/advisories/GHSA-5cm2-9h8c-rvfx
2022-07-22 14:14:12 +02:00
Andreas Dangel
dc512e8a04
[ci] Update gems
...
- update pmdtester from 1.5.0 to 1.5.1
- update nokogiri from 1.13.5 to 1.13.6
- update activesupport from 6.0.4.8 to 6.0.5
2022-05-12 17:33:54 +02:00
Andreas Dangel
d3880443f7
[ci] Update gems
...
- update pmtester from 1.4.1 to 1.5.0
- update nokogiri from 1.13.4 to 1.13.5
2022-05-06 15:05:20 +02:00
Andreas Dangel
4eb2471939
Update gems
...
Fixes Command injection in ruby-git
(https://github.com/pmd/pmd/security/dependabot/21 )
2022-04-29 12:01:29 +02:00
Andreas Dangel
d09a48ad5f
Update regression-tester and other gems
...
pmd-tester 1.4.1
nokogiri 1.13.4
Fixes the following security alerts:
- Out-of-bounds Write in zlib affects Nokogiri
- XML Injection in Xerces Java affects Nokogiri
- Inefficient Regular Expression Complexity in Nokogiri
- Denial of Service (DoS) in Nokogiri on JRuby
2022-04-12 12:17:01 +02:00
Andreas Dangel
0081e61cfd
Update pmdtester to 1.4.0
2022-03-24 16:46:42 +01:00
Andreas Dangel
b1f85585d4
Revert "REVERT ME - Use pmtester from pmd/pmd-regression-tester#103"
...
This reverts commit 67928910df25574ec41821b60d352e5f32bfe971.
2022-03-24 16:18:51 +01:00
Andreas Dangel
67928910df
REVERT ME - Use pmtester from pmd/pmd-regression-tester#103
...
And also make a change in core to run it
2022-03-18 15:51:15 +01:00
Andreas Dangel
c421e7e646
Update gems
...
Fixes https://github.com/pmd/pmd/security/dependabot/12
2022-03-10 10:58:16 +01:00
Andreas Dangel
691887af00
Update gems (nokogiri and others)
...
Fixes https://github.com/pmd/pmd/security/dependabot/11
Fixes https://github.com/pmd/pmd/security/dependabot/10
2022-02-26 10:39:00 +01:00
Andreas Dangel
ffe8893a3d
Update pmdtester from 1.2.0 to 1.3.0
2021-12-20 19:02:28 +01:00
Andreas Dangel
740968461a
Bump danger from 5.16.1 to 8.4.0
2021-10-15 22:37:23 +02:00
Andreas Dangel
c9077e19ea
Update gems
...
Fixes https://github.com/advisories/GHSA-2rr5-8q37-2w7h
2021-09-30 15:48:48 +02:00
Andreas Dangel
4a519be2d9
Update gems
...
Fixes CVE-2021-32740
Regular Expression Denial of Service in Addressable templates
https://github.com/advisories/GHSA-jxhc-q857-3j6g
2021-07-15 10:43:38 +02:00
Andreas Dangel
d79c2d1a0f
[ci] Bump pmd-regression-tester from 1.1.2 to 1.2.0
2021-06-20 18:43:17 +02:00
Andreas Dangel
0dab8818af
Update gems
2021-05-20 14:26:47 +02:00
Andreas Dangel
c2955e3aa9
Update gems
...
Fixes CVE-2021-28965
https://github.com/advisories/GHSA-8cr8-4vfw-mr7h
2021-05-06 10:12:13 +02:00
Andreas Dangel
9937aed5dc
Update gems, use pmdtester 1.1.2
2021-04-23 11:51:52 +02:00
Andreas Dangel
bbec003287
Update gems
2021-04-01 12:01:18 +02:00
Andreas Dangel
9158c9f439
[ci] Update pmdtester to 1.1.1, disable debug
2021-01-16 10:12:32 +01:00
Andreas Dangel
5ed003c686
Update gems
...
CVE-2020-26247
https://github.com/advisories/GHSA-vr8q-g5c7-m54m
2021-01-07 15:28:06 +01:00
Andreas Dangel
5fffaa90f5
[ci] Update pmdtester to 1.1.0
2020-12-05 15:09:11 +01:00
Andreas Dangel
ff030d1d2d
[ci] Update regression tester
...
* Remove workaround for pre-downloading baseline
and add baseline-download-url option
* Remove unnecessary travis_wait
* Add error-recovery flag
2020-11-25 11:26:16 +01:00
Andreas Dangel
cac03fdb29
[ci] Switch back to pmd/pmd-regression-tester@master
2020-10-28 16:17:11 +01:00
Andreas Dangel
ff6e5278f3
[ci] Update pmd-tester, use auxclasspath
...
This will test pmd/pmd-regression-tester#72
checkstyle:
Add exclude patterns for checkstyle: after compilation,
testresources appear now under target/test-classes
and they don't need to be analyzed again.
Also exclude generated-sources.
2020-10-28 11:49:57 +01:00