Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump ffi from 1.0.11 to 1.9.24 in /_vendor/ruby/2.6.0/gems/http_parser.rb-0.6.0 #60

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Aug 15, 2022

Bumps ffi from 1.0.11 to 1.9.24.

Changelog

Sourced from ffi's changelog.

1.9.24 / 2018-06-02

Security Note:

This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush.

Added:

  • Added a CHANGELOG file
  • Add mips64(eb) support, and mips r6 support. (#601)

Changed:

  • Update libffi to latest changes on master.
  • Don't search in hardcoded /usr paths on Windows.
  • Don't treat Symbol args different to Strings in ffi_lib.
  • Make sure size_t is defined in Thread.c. Fixes #609

1.9.23 / 2018-02-25

Changed:

  • Fix unnecessary rebuild of configure in darwin multi arch. Fixes #605

1.9.22 / 2018-02-22

Changed:

  • Update libffi to latest changes on master.
  • Update detection of system libffi to match new requirements. Fixes #617
  • Prefer bundled libffi over system libffi on Mac OS.
  • Do closures via libffi. This removes ClosurePool and fixes compat with PaX. #540
  • Use a more deterministic gem packaging.
  • Fix unnecessary update of autoconf files at gem install.

1.9.21 / 2018-02-06

Added:

  • Ruby-2.5 support by Windows binary gems. Fixes #598
  • Add missing win64 types.
  • Added support for Bitmask. (#573)
  • Add support for MSYS2 (#572) and Sparc64 Linux. (#574)

Changed:

  • Fix read_string to not throw an error on length 0.
  • Don't use absolute paths for sh and env. Fixes usage on Adroid #528
  • Use Ruby implementation for which for better compat with Windows. Fixes #315

... (truncated)

Commits
  • 4e1051a Run rspec with dots output only
  • e70b13d Fix integer parameter range specs
  • 55ae232 Fix several specs where raise_error was called without class
  • 8821d4f Specify error class for several raise_error calls
  • bf48d44 Fix missing C declarations causing compiler warnings
  • f569788 Replace symlinks for mips r6 with plain files
  • fedbae0 Update CHANGELOG
  • a4d4d19 Merge branch 'master' of github.com:ffi/ffi
  • 45d8803 Add a CHANGELOG file
  • 2ff1d8f Bump VERSION to 1.9.24
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [ffi](https://github.com/ffi/ffi) from 1.0.11 to 1.9.24.
- [Release notes](https://github.com/ffi/ffi/releases)
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](ffi/ffi@1.0.11...1.9.24)

---
updated-dependencies:
- dependency-name: ffi
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants