Bump sidekiq, rack-cors, rails, logstasher, restpack_serializer, json-schema_builder, pundit, rspec-rails, factory_girl_rails and schema_plus_pg_indexes #317

Closed
@dependabot dependabot bot commented on behalf of github May 21, 2024

Bumps sidekiq, rack-cors, rails, logstasher, restpack_serializer, json-schema_builder, pundit, rspec-rails, factory_girl_rails and schema_plus_pg_indexes. These dependencies needed to be updated together.
Updates sidekiq from 5.2.8 to 7.2.4

Changelog

Sourced from sidekiq's changelog.

7.2.4

7.2.3

  • Support Dragonfly.io as an alternative Redis implementation
  • Fix error unpacking some compressed error backtraces #6241
  • Fix potential heartbeat data leak #6227
  • Add ability to find a currently running work by jid [#6212, fatkodima]

7.2.2

  • Add Process.warmup call in Ruby 3.3+
  • Batch jobs now skip transactional push #6160

7.2.1

  • Add Sidekiq::Work type which replaces the raw Hash as the third parameter in Sidekiq::WorkSet#each { |pid, tid, hash| ... } #6145
  • DEPRECATED: direct access to the attributes within the hash block parameter above. The Sidekiq::Work instance contains accessor methods to get at the same data, e.g.

    work["queue"] # Old
    work.queue # New

  • Fix Ruby 3.3 warnings around base64 gem [#6151, earlopain]

7.2.0

  • sidekiq_retries_exhausted can return :discard to avoid the deadset and all death handlers #6091
  • Metrics filtering by job class in Web UI #5974
  • Better readability and formatting for numbers within the Web UI #6080
  • Add explicit error if user code tries to nest test modes #6078

    Sidekiq::Testing.inline! # global setting
    Sidekiq::Testing.fake! do # override within block
      # ok
      Sidekiq::Testing.inline! do # can't override the override
        # not ok, nested
      end
    end

... (truncated)

Commits

Updates rack-cors from 1.0.6 to 2.0.2

Changelog

Sourced from rack-cors's changelog.

2.0.2 - 2024-03-04

Changed

2.0.1 - 2023-02-17

Changed

  • Use Rack::Utils::HeaderHash when Rack 2.x is detected

2.0.0 - 2023-02-14

Changed

  • Refactored codebase
  • Support declaring custom protocols in origin
  • Lowercased header names as defined by Rack spec
  • Fix issue with duplicate headers because of header name case

1.1.1 - 2019-12-29

Changed

  • Allow //* to match // and / paths

1.1.0 - 2019-11-19

Changed

  • Use Rack::Utils.escape_path instead of Rack::Utils.escape
  • Require Rack 2.0 for escape_path method
  • Don't try to clean path if invalid.
  • Return 400 (Bad Request) on preflights with invalid path

Commits

Updates rails from 4.2.11.3 to 5.2.8.1

Release notes

Sourced from rails's releases.

5.2.8.1

Active Support

  • No changes.

Active Model

  • No changes.

Active Record

  • Change ActiveRecord::Coders::YAMLColumn default to safe_load

    This adds two new configuration options. The configuration options are as follows:

    • config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is not recommended, but can aid in upgrading.

    • config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
    

    [CVE-2022-32224]

Action View

  • No changes.

Action Pack

... (truncated)

Commits
  • 8030cff Preparing for 5.2.8.1 release
  • 85b72c3 Ruby 3.1 compatibility
  • ec10235 updating version and changelog
  • 6576aa7 Change ActiveRecord::Coders::YAMLColumn default to safe_load
  • 2652133 Preparing for 5.2.8 release
  • a1b8a9b Merge pull request #45027 from rails/fix-tag-helper-regression
  • cfef5e9 Merge pull request #44966 from fallwith/patch-1
  • cd9d9f0 retain Ruby 2.2 compatibility for Rails 5.2
  • 9f3761a Merge branch '5-2-sec' into 5-2-stable
  • b290430 Preparing for 5.2.7.1 release
  • Additional commits viewable in compare view

Updates logstasher from 0.9.0 to 2.1.5

Release notes

Sourced from logstasher's releases.

Latest release

This is for enabling auto release in github actions

Changelog

Sourced from logstasher's changelog.

2.1.5

  • Ruby 3.0 and Rails 6 support

1.2.2

  • Merge from #142 - Fix bug in detection of ActiveJob

1.2.1

  • Merge from #131 - Fix gem initialization on MacOS Sierra

1.2.0

  • Merge from #130 - Allow non-rails project to use this gem
  • Merge from #125 - Updated yaml config

1.1.1

  • Typo fixes. Merge from #127

1.1.0

  • Added 'field_renaming' configuration option

1.0.0

  • Drops support for ruby < 2 and Rails < 4

Commits

Updates restpack_serializer from 637aaaf to 0.5.9

Commits

Updates json-schema_builder from 0.0.8 to 0.8.2

Commits
  • 0adaef5 Bugfix Entity#required= with non-true values
  • 44dc6a4 Allow required property errors to be customized more easily
  • 3b6e870 Bump version
  • 90e16e4 Allow entity definitions to reopened and extended
  • a1931ce Allow schemas to be built iteratively
  • a0ec3a9 Bump version
  • f5ee96d Prevent array items from attempting to merge anyOf children. Fixes #6
  • 7b5c302 Merge pull request #3 from jirutka/pattern_properties
  • 372d069 Fix pattern_properties to be actually usable
  • cc16075 Bump version
  • Additional commits viewable in compare view

Updates pundit from 1.1.0 to 2.3.2

Changelog

Sourced from pundit's changelog.

2.3.2 (2024-05-08)

  • Refactor: First pass of Pundit::Context (#797)

Changed

  • Update ApplicationPolicy generator to qualify the Scope class name (#792)
  • Policy generator uses NoMethodError to indicate #resolve is not implemented (#776)

Deprecated

  • Dropped support for Ruby 3.0 (#796)

2.3.1 (2023-07-17)

Fixed

  • Use Kernel.warn instead of ActiveSupport::Deprecation.warn for deprecations (#764)
  • Policy generator now works on Ruby 3.2 (#754)

2.3.0 (2022-12-19)

Added

  • add support for rubocop-rspec syntax extensions (#745)

2.2.0 (2022-02-11)

Fixed

  • Using policy_class and a namespaced record now passes only the record when instantiating the policy. (#697, #689, #694, #666)

Changed

  • Require users to explicitly define Scope#resolve in generated policies (#711, #722)

Deprecated

  • Deprecate include Pundit in favor of include Pundit::Authorization (#621)

2.1.1 (2021-08-13)

Friday 13th-release!

Careful! The bugfix below (#626) could break existing code. If you rely on the return value for authorize and namespaced policies you might need to do some changes.

Fixed

... (truncated)

Commits
  • 18994ac Merge pull request #804 from varvet/kbs/release
  • d033604 Bump to v2.3.2
  • 02d8e11 Add trusted publishing (rubygems)
  • 176cabb Merge pull request #797 from varvet/kbs/pundit-context
  • 6f04482 Open cache strategy API up for including user in cache key
  • 8136c08 Apply the cache strategy for all policy lookups
  • aedc862 Refactor: API contract for policy cache
  • 266cae0 Make it clearer why these methods have a bang
  • 9045680 First pass of Pundit::Context
  • 4f41278 Add missing test around cache usage
  • Additional commits viewable in compare view

Updates rspec-rails from 3.4.2 to 5.1.2

Changelog

Sourced from rspec-rails's changelog.

5.1.2 / 2022-04-24

Full Changelog

Bug Fixes:

  • Fix controller scaffold templates parameter name. (Taketo Takashima, #2591)
  • Include generator specs in the inferred list of specs. (Jason Karns, #2597)

5.1.1 / 2022-03-07

Full Changelog

Bug Fixes:

  • Properly handle global id serialised arguments in have_enqueued_mail. (Jon Rowe, #2578)

5.1.0 / 2022-01-26

Full Changelog

Enhancements:

  • Make the API request scaffold template more consistent and compatible with Rails 6.1. (Naoto Hamada, #2484)
  • Change the scaffold rails_helper.rb template to use require_relative. (Jon Dufresne, #2528)

5.0.3 / 2022-01-26

Full Changelog

Bug Fixes:

  • Properly name params in controller and request spec templates when using the --model-name parameter. (@kenzo-tanaka, #2534)
  • Fix parameter matching with mail delivery job and ActionMailer::MailDeliveryJob. (Fabio Napoleoni, #2516, #2546)
  • Fix Rails 7 have_enqueued_mail compatibility (Mikael Henriksson, #2537, #2546)

5.0.2 / 2021-08-14

Full Changelog

Bug Fixes:

  • Prevent generated job specs from duplicating _job in filenames. (Nick Flückiger, #2496)
  • Fix ActiveRecord::TestFixture#uses_transaction by using example description to replace example name rather than example in our monkey patched run_in_transaction? method. (Stan Lo, #2495)
  • Prevent keyword arguments being lost when methods are invoked dynamically in controller specs. (Josh Cheek, #2509, #2514)

... (truncated)

Commits

Updates factory_girl_rails from 4.7.0 to 4.9.0

Release notes

Sourced from factory_girl_rails's releases.

Version 4.9.0

This is the final release of factory_girl_rails, which has been renamed to factory_bot_rails.

Learn more about the name change here: https://robots.thoughtbot.com/factory_bot

Version 4.8.2

This is the first release of factory_bot_rails, formerly known as factory_girl_rails.

Learn more about the name change here: https://robots.thoughtbot.com/factory_bot

Changelog

Sourced from factory_girl_rails's changelog.

factory_bot_rails versioning is synced with factory_bot releases. For this reason there might not be any notable changes in new versions of this project.

NEWS

6.4.3 (December 29, 2023)

  • Changed: allow sequence definitions for ActiveRecord primary keys (Mike Burns).
  • Changed: Support Ruby 3.0+, Rails 6.1+ (Mike Burns)
  • Documentation improvements (obregonia1).
  • Internal: GitHub Actions improvements (Lorenzo Zabot, ydah).
  • Internal: RubyGems points to changelog (Tilo Sloboda).
  • Internal: Bump standard, rake, activerecord, appraisal, rspec-rails (Mike Burns).

6.4.2 (November 23, 2023)

  • Fixed: Fix Rails 7.1.2 + monkey-patched ActiveRecord compatibility (Adif Sgaid, Benoit Tigeot)
  • Internal: Test against Rails 7.1 (y-yagi)
  • Internal: Fix links to old files after renaming the main branch to main (y-yagi)

6.4.0 (November 17, 2023)

  • Releasing this for consistency with the factory_bot dependency.

6.3.0 (November 17, 2023)

  • Changed: reject sequence definitions for ActiveRecord primary keys (Sean Doyle).
  • Changed: factory_bot dependency to ~> 6.4 (Mike Burns).
  • Changed: upgrade dependencies (Daniel Colson).
  • Add: projections.json for Rails.vim (Caleb Hearth).
  • Docs: fix broken link (Edu Depetris).
  • Docs: mention Rails generator in docs (Edu Depetris).
  • Docs: fix typo (Yudai Takada).
  • Internal: skip Spring version 2.1.1 due to a bug in that release (Christina Entcheva, Daniel Colson).
  • Internal: test against Rails 6.1 (Antonis Berkakis).
  • Internal: test against Ruby 3 (Daniel Colson).
  • Internal: fewer warnings in Cucumber tests (Daniel Colson).
  • Internal: use GitHub Actions for CI (Mathieu Jobin).
  • Internal: a whole bunch of cleanup (Daniel Colson).
  • Internal: fix CI due to a Bundler output change (Mike Burns).

6.2.0 (May 7, 2021)

  • Changed: factory_bot dependency to ~> 6.2.0

... (truncated)

Commits
  • 13ecff9 Bump version to 4.9.0
  • ebd3310 Update FactoryGirl requirement to 4.9.0
  • dca3731 Bump version to 4.8.0
  • 91dfdca Update Factory Girl requirement to 4.8.0
  • 4a7afc4 Updates ReadMe to recommend environments for gem
  • ec478f1 Appraise against Rails 5.0
  • 4044827 link to confguring the test suite
  • a44854d Update Gemspec file to not use git ls-files
  • 282b293 Add $ to command line instruction
  • 24f3624 update gemspec description
  • Additional commits viewable in compare view

Updates schema_plus_pg_indexes from 0.1.12 to 0.3.2

Commits
  • a7e2d23 version bump to 0.3.2
  • d1b39ec add rails 5.2 support
  • cba2661 relax rspec version constraint
  • 46db5ce version bump 0.3.1
  • c71d49f Merge pull request #19 from joxxoxo/fix-schema-dump-for-complex-order-clause
  • a741253 Fix schema dump for complex order clause
  • a583df3 version bump 0.3.0
  • ee595b0 change "History" => "Release Notes"
  • f8b4e2d Merge branch 'AR-5.1'
  • f3fbba6 adjust expectations to match AR 5.1 dump
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
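
An added example, not part of this PR or of Rails: the allow-list behaviour described in the Rails 5.2.8.1 Active Record note above, shown with Ruby's own YAML.safe_load and used as a pre-upgrade audit of serialized values. The helper names load_column and audit, the ConstructedGadget class and the sample payloads are assumptions made for illustration.

```ruby
require "yaml"
require "date"

# Constructed stand-in for an application class named in a YAML tag.
# The safe loader below never instantiates it.
class ConstructedGadget
  attr_accessor :name
end

# Constructed column payloads (not taken from any real database).
SETTINGS_YAML = "---\n:status: :active\n:since: 2024-05-21\n"
OBJECT_YAML   = "--- !ruby/object:ConstructedGadget\nname: example\n"

# Mirrors the allow-list shown in the release note.
PERMITTED = [Symbol, Date, Time].freeze

# Hypothetical helper: decode one serialized value with safe loading.
# Returns [:ok, value] or [:rejected, reason].
def load_column(payload, permitted_classes)
  [:ok, YAML.safe_load(payload, permitted_classes: permitted_classes)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

# Hypothetical pre-upgrade audit: report which rows would stop loading
# under a given allow-list, so the list can be sized before deploying.
def audit(rows, permitted_classes)
  rows.each_with_object({}) do |(id, payload), failures|
    status, detail = load_column(payload, permitted_classes)
    failures[id] = detail if status == :rejected
  end
end

if __FILE__ == $PROGRAM_NAME
  rows = { 1 => SETTINGS_YAML, 2 => OBJECT_YAML }
  puts "empty allow-list:  #{audit(rows, []).inspect}"
  puts "page's allow-list: #{audit(rows, PERMITTED).inspect}"
end
```

Rows that still fail with the allow-list in place name classes that were never meant to be deserialized from a column; those are the ones to review rather than permit.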

updated-dependencies:
- dependency-name: sidekiq
  dependency-type: direct:production
- dependency-name: rack-cors
  dependency-type: direct:production
- dependency-name: rails
  dependency-type: direct:production
- dependency-name: logstasher
  dependency-type: direct:production
- dependency-name: restpack_serializer
  dependency-type: direct:production
- dependency-name: json-schema_builder
  dependency-type: direct:production
- dependency-name: pundit
  dependency-type: direct:production
- dependency-name: rspec-rails
  dependency-type: direct:development
- dependency-name: factory_girl_rails
  dependency-type: direct:development
- dependency-name: schema_plus_pg_indexes
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github May 22, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this May 22, 2024
@dependabot dependabot bot deleted the dependabot/bundler/multi-b6eb62e56f branch May 22, 2024 02:36