Releases: ualbertalib/library-cms
2.3.6
What's Changed
- Bump postcss from 8.5.6 to 8.5.9 by @dependabot[bot] in #939
- Bump yaml from 2.5.0 to 2.8.3 by @dependabot[bot] in #935
- Bump brace-expansion from 1.1.12 to 1.1.14 by @dependabot[bot] in #942
- Security updates 2026 04 13 by @jefferya in #943
- Bump actions/cache from 4 to 5 by @dependabot[bot] in #903
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in #897
- Bump autoprefixer from 10.4.21 to 10.5.0 by @dependabot[bot] in #944
- Bump nodemon from 3.1.10 to 3.1.14 by @dependabot[bot] in #922
- Bump rubocop-rails from 2.33.4 to 2.34.0 by @dependabot[bot] in #892
- Bump htmlentities from 4.3.4 to 4.4.0 by @dependabot[bot] in #891
- Bump rollbar from 3.6.2 to 3.7.0 by @dependabot[bot] in #886
- Bump bootsnap from 1.18.6 to 1.19.0 by @dependabot[bot] in #893
- Bump mysql2 from 0.5.6 to 0.5.7 by @dependabot[bot] in #859
Full Changelog: 2.3.5...2.3.6
2.3.5
What's Changed
- Bump activesupport from 7.2.2.2 to 7.2.3.1 by @dependabot[bot] in #933
- The above also bumped Rails and its dependencies from 7.2.2.2 to 7.2.3.1
Full Changelog: 2.3.4...2.3.5
2.3.4
What's Changed
- Bump json from 2.15.2 to 2.15.2.1 by @dependabot[bot] in #930
Full Changelog: 2.3.3...2.3.4
2.3.3
What's Changed
- Bump immutable from 5.0.3 to 5.1.5 by @dependabot[bot] in #927
- Bump minimatch from 3.1.3 to 3.1.5 by @dependabot[bot] in #926
Full Changelog: 2.3.2...2.3.3
2.3.2
What's Changed
- Bump nokogiri from 1.18.9 to 1.19.1 by @dependabot[bot] in #920
- Bump minimatch from 3.1.2 to 3.1.3 by @dependabot[bot] in #923
Full Changelog: 2.3.1...2.3.2
2.3.1
What's Changed
- Update to ruby 3.3.10 by @jefferya in #910
- Bump @hotwired/turbo from 8.0.13 to 8.0.21 by @dependabot[bot] in #911
- Bump rack from 3.1.18 to 3.1.20 by @dependabot[bot] in #919
Full Changelog: 2.3.0...2.3.1
2.3.0
What's Changed
- Bump Rails from 7.1.x to 7.2.x by @jefferya in #840
- Bump actions/setup-node from 5 to 6 by @dependabot[bot] in #869
Full Changelog: 2.2.2...2.3.0
2.2.2
What's Changed
- Bump rubocop from 1.75.8 to 1.80.2 by @dependabot[bot] in #852
- Bump rubocop-rails from 2.33.3 to 2.33.4 by @dependabot[bot] in #865
- Bump selenium-webdriver from 4.35.0 to 4.36.0 by @dependabot[bot] in #866
- Bump rdoc from 6.14.2 to 6.15.0 by @dependabot[bot] in #867
- Bump selenium-webdriver from 4.36.0 to 4.38.0 by @dependabot[bot] in #874
- Rack v3.1.18 to address CVE-2025-61780 & CVE-2025-61919 by @jefferya in #876
Security
- CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
- CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
Full Changelog: 2.2.1...2.2.2
2.2.1
What's Changed
- Bump rack from 3.2.0 to 3.2.2 by @dependabot[bot] in #868
Security
- CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion).
- CVE-2025-61771 Multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion).
- CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion).
Full Changelog: 2.2.0...2.2.1
2.2.0
What's Changed
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #832
- Bump nokogiri from 1.18.8 to 1.18.9 by @dependabot[bot] in #824
- Bump thor from 1.3.2 to 1.4.0 by @dependabot[bot] in #825
- Bump brace-expansion from 1.1.11 to 1.1.12 by @dependabot[bot] in #833
- Bump esbuild from 0.25.5 to 0.25.9 by @dependabot[bot] in #836
- Bump sass from 1.89.1 to 1.90.0 by @dependabot[bot] in #827
- Bump bootstrap from 5.3.6 to 5.3.7 by @dependabot[bot] in #816
- Bump postcss from 8.5.4 to 8.5.6 by @dependabot[bot] in #815
- Bump rubocop-rails from 2.32.0 to 2.33.1 by @dependabot[bot] in #831
- Bump rdoc from 6.14.0 to 6.14.2 by @dependabot[bot] in #821
- Bump selenium-webdriver from 4.33.0 to 4.35.0 by @dependabot[bot] in #834
- Bump jbuilder from 2.13.0 to 2.14.1 by @dependabot[bot] in #835
- Bump puma from 6.6.0 to 6.6.1 by @dependabot[bot] in #826
- Bump spring from 4.3.0 to 4.4.0 by @dependabot[bot] in #828
- Bump rails from 7.1.5.1 to 7.1.5.2 by @dependabot[bot] in #837
- Bump sass from 1.90.0 to 1.91.0 by @dependabot[bot] in #841
- Bump rubocop-minitest from 0.38.1 to 0.38.2 by @dependabot[bot] in #843
- Bump bootstrap from 5.3.7 to 5.3.8 by @dependabot[bot] in #842
- Bump actions/setup-node from 4 to 5 by @dependabot[bot] in #847
- Bump rexml from 3.4.1 to 3.4.2 by @dependabot[bot] in #855
- Add Config Gem as a replacement for deprecated secrets.yml by @jefferya in #845
Full Changelog: 2.1.2...2.2.0