Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump rack from 2.2.9 to 3.1.7 in /pkgs/applications/misc/gollum #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump rack from 2.2.9 to 3.1.7 in /pkgs/applications/misc/gollum #3

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jul 16, 2024

Bumps rack from 2.2.9 to 3.1.7.

Release notes

Sourced from rack's releases.

v3.0.9.1

What's Changed

Full Changelog: rack/rack@v3.0.9...v3.0.9.1

v3.0.9

What's Changed

  • Fix content-length calcuation in Rack:Response#write #2150

Full Changelog: rack/rack@v3.0.8...v3.0.9

v3.0.8

What's Changed

New Contributors

Full Changelog: rack/rack@v3.0.7...v3.0.8

v3.0.7

What's Changed

Full Changelog: rack/rack@v3.0.6.1...v3.0.7

v3.0.6.1

No release notes provided.

v3.0.4.1

Full Changelog: rack/rack@v3.0.4...v3.0.4.1

v3.0.4

Full Changelog: rack/rack@v3.0.3...v3.0.4

v3.0.3

What's Changed

Full Changelog: rack/rack@v3.0.2...v3.0.3

v3.0.2

Full Changelog: rack/rack@v3.0.1...v3.0.2

Changelog

Sourced from rack's changelog.

[3.1.7] - 2024-07-11

Fixed

[3.1.6] - 2024-07-03

Fixed

  • Fix several edge cases in Rack::Request#parse_http_accept_header's implementation. (#2226, [@​ioquatix])

[3.1.5] - 2024-07-02

Security

[3.1.4] - 2024-06-22

Fixed

  • Fix Rack::Lint matching some paths incorrectly as authority form. (#2220, [@​ioquatix])

[3.1.3] - 2024-06-12

Fixed

[3.1.2] - 2024-06-11

  • Rack::Response will take in to consideration chunked encoding responses (#2204, [@​tenderlove])

[3.1.1] - 2024-06-11

  • Oops! I shouldn't have shipped that

[3.1.0] - 2024-06-11

⚠️ This release includes several breaking changes. Refer to the Removed section below for the list of deprecated methods that have been removed in this release.

Rack v3.1 is primarily a maintenance release that removes features deprecated in Rack v3.0. Alongside these removals, there are several improvements to the Rack SPEC, mainly focused on enhancing input and output handling. These changes aim to make Rack more efficient and align better with the requirements of server implementations and relevant HTTP specifications.

SPEC Changes

... (truncated)

Commits
  • 4bb2f72 Bump patch version.
  • 1c1e413 Ignore external tests directory.
  • b4a1036 Prepare for 3.1.7 release.
  • d0da91b Add more external tests.
  • f6f1510 Improve Rack::Response content-length header generation. (#2219)
  • fb339e0 Fix encoding setting for non-binary IO-like objects in MockRequest#env_for
  • e21872d Do not remove escaped opening/closing quotes for content-disposition filenames
  • 5c3d79f Synchronize changelog with HEAD.
  • bca33b4 Allow empty PATH_INFO. (#2214) (#2234)
  • 98aa947 Bump patch version.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump rack in /pkgs/applications/misc/gollum
94226e1 
Bumps [rack](https://github.com/rack/rack) from 2.2.9 to 3.1.7.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](rack/rack@v2.2.9...v3.1.7)

---
updated-dependencies:
- dependency-name: rack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Jul 16, 2024
Guanran928 pushed a commit that referenced this pull request Aug 16, 2024
@eclairevoyant
ffmpeg-headless: enable additional encoders by default
193b980 
This adds some extremely helpful and popular encoders in by default:
* openjpeg
* celt
* libwebp
* libaom

On the `master` branch, closure size for ffmpeg-headless went up 18.5 MiB.
```
$ nix store diff-closures nixpkgs#ffmpeg-headless^bin .#ffmpeg-headless^bin
celt: ∅ → 0.11.3, +168.4 KiB
ffmpeg-headless: +70.0 KiB
giflib: ∅ → 5.2.2, +398.7 KiB
lcms2: ∅ → 2.16, +466.2 KiB
lerc: ∅ → 4.0.0, +840.2 KiB
libaom: ∅ → 3.9.0, +8047.8 KiB
libdeflate: ∅ → 1.20, +427.0 KiB
libtiff: ∅ → 4.6.0, +655.9 KiB
libvmaf: ∅ → 3.0.0, +2665.0 KiB
libwebp: ∅ → 1.4.0, +2559.7 KiB
openjpeg: ∅ → 2.5.2, +1525.1 KiB
zstd: ∅ → 1.5.6, +1158.0 KiB

$ nvd diff $(nix build nixpkgs#ffmpeg-headless^bin --print-out-paths --no-link) $(nix build .#ffmpeg-headless^bin --print-out-paths --no-link)
<<< /nix/store/4n60lnj3zkjpasd4c56bzhpx2m8lc1sx-ffmpeg-headless-6.1.1-bin
>>> /nix/store/884f487w5hac6rs94jq6hq5zqkxdv666-ffmpeg-headless-6.1.1-bin
Added packages:
[A.]  #1  celt        0.11.3
[A.]  #2  giflib      5.2.2
[A.]  #3  lcms2       2.16
[A.]  #4  lerc        4.0.0
[A.]  #5  libaom      3.9.0
[A.]  NixOS#6  libdeflate  1.20
[A.]  NixOS#7  libtiff     4.6.0
[A.]  NixOS#8  libvmaf     3.0.0
[A.]  NixOS#9  libwebp     1.4.0 x2
[A.]  NixOS#10  openjpeg    2.5.2
[A.]  NixOS#11  zstd        1.5.6
Closure size: 66 -> 78 (15 paths added, 3 paths removed, delta +12, disk usage +18.5MiB).
```
Guanran928 pushed a commit that referenced this pull request Aug 26, 2024
@Ma27
gitea: drop PAM support
b395692 
Strongly inspired by the forgejo counterpart[1], for the following
reasons:

* The feature is broken with the current module and crashes on
  authentication with the following stacktrace (with a PAM service
  `gitea` added):

      server # Stack trace of thread 1008:
      server # #0  0x00007f3116917dfb __nptl_setxid (libc.so.6 + 0x8ddfb)
      server # #1  0x00007f3116980ae6 setuid (libc.so.6 + 0xf6ae6)
      server # #2  0x00007f30cc80f420 _unix_run_helper_binary (pam_unix.so + 0x5420)
      server # #3  0x00007f30cc8108c9 _unix_verify_password (pam_unix.so + 0x68c9)
      server # #4  0x00007f30cc80e1b5 pam_sm_authenticate (pam_unix.so + 0x41b5)
      server # #5  0x00007f3116a84e5b _pam_dispatch (libpam.so.0 + 0x3e5b)
      server # NixOS#6  0x00007f3116a846a3 pam_authenticate (libpam.so.0 + 0x36a3)
      server # NixOS#7  0x00000000029b1e7a n/a (.gitea-wrapped + 0x25b1e7a)
      server # NixOS#8  0x000000000047c7e4 n/a (.gitea-wrapped + 0x7c7e4)
      server # ELF object binary architecture: AMD x86-64
      server #
      server # [   42.420827] gitea[897]: pam_unix(gitea:auth): unix_chkpwd abnormal exit: 159
      server # [   42.423142] gitea[897]: pam_unix(gitea:auth): authentication failure; logname= uid=998 euid=998 tty= ruser= rhost=  user=snenskek

  It only worked after turning off multiple sandbox settings and adding
  `shadow` as supplementary group to `gitea.service`.

  I'm not willing to maintain additional multiple sandbox settings for
  different features, especially given that it was probably not used for
  quite a long time:

  * There was no PR or bugreport about sandboxing issues related to
    PAM.

  * Ever since the module exists, it used the user `gitea`, i.e. it had
    never read-access to `/etc/shadow`.

* Upstream has it disabled by default[2].

If somebody really needs it, it can still be brought back by an overlay
updating `tags` accordingly and modifying the systemd service config.

[1] 07641a9
[2] https://docs.gitea.com/usage/authentication#pam-pluggable-authentication-module
@Guanran928 Guanran928 force-pushed the master branch 3 times, most recently from e130eea to b13ff4f Compare November 8, 2024 05:09
@Guanran928 Guanran928 force-pushed the master branch 8 times, most recently from eab3007 to ca9b66d Compare November 22, 2024 08:22
@Guanran928 Guanran928 force-pushed the master branch 6 times, most recently from 1542c5f to 1b047ef Compare November 28, 2024 09:07
@Guanran928 Guanran928 force-pushed the master branch 4 times, most recently from 23c75eb to 78bad0f Compare December 6, 2024 05:04
@Guanran928 Guanran928 force-pushed the master branch 3 times, most recently from a322c03 to 1b13e1d Compare December 13, 2024 08:35
@Guanran928 Guanran928 force-pushed the master branch 3 times, most recently from 2bd2c5e to 0e97a6f Compare December 30, 2024 12:40
@Guanran928 Guanran928 force-pushed the master branch 2 times, most recently from 006038c to 1f02806 Compare January 4, 2025 03:05
@Guanran928 Guanran928 force-pushed the master branch 5 times, most recently from 7fc1893 to d722f69 Compare January 17, 2025 01:24
@Guanran928 Guanran928 force-pushed the master branch 5 times, most recently from f5885eb to 796b363 Compare January 26, 2025 17:59
@Guanran928 Guanran928 force-pushed the master branch 4 times, most recently from db4d672 to ced71fd Compare February 2, 2025 17:23
@Guanran928 Guanran928 force-pushed the master branch 2 times, most recently from 8efd03f to 8f704fb Compare February 6, 2025 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants