diversity_ticketing
chore(deps): Bump clearance from 1.16.1 to 2.5.0
Bumps clearance from 1.16.1 to 2.5.0.
Release notes
Sourced from clearance's releases.
v2.5.0
[2.5.0] - September 10, 2021
Fixed
- Fix open redirect vulnerability
Changed
- Rename default branch to `main`
v2.4.0
2.4.0 - March 5, 2021
Added
- Optionally use signed cookies to prevent remember token timing attacks. Big thank you for @gingerlime!
v2.3.1
Fixed
- Support for accessing Rails 6.x primary_key_type in generator.
- Fix password reset URLs when using a custom model
- Fix flaky test that relied on too specific time delta
- Revert case sensitivity for email uniqueness
- Bump nokogiri and actionview dependencies to address security vulnerabilities
v2.3.0
2.3.0 - August 14, 2020
Fixed
- Delete cookie correctly when a callable object is set as the custom domain setting.
- Strip `as` parameter when signing in through the back door.
- Remove broken autoload for deprecated password strategies.
Changed
- Deliver password reset email inline rather than in the background.
- Remove unnecessary unsafe interpolation in erb templates.
v2.2.1
Fixed
- Prevent user enumeration by timing attacks. Trying to log in with an
... (truncated)
Changelog
Sourced from clearance's changelog.
2.5.0 - September 10, 2021
Fixed
- Fix open redirect vulnerability
Changed
- Rename default branch to `main`
2.4.0 - March 5, 2021
Added
- Optionally use signed cookies to prevent remember token timing attacks
2.3.1 - March 5, 2021
Fixed
- Support for accessing Rails 6.x primary_key_type in generator.
- Fix password reset URLs when using a custom model
- Fix flaky test that relied on too specific time delta
- Revert case sensitivity for email uniqueness
- Bump nokogiri and actionview dependencies to address security vulnerabilities
2.3.0 - August 14, 2020
Fixed
- Delete cookie correctly when a callable object is set as the custom domain setting.
- Strip `as` parameter when signing in through the back door.
- Remove broken autoload for deprecated password strategies.
Changed
- Deliver password reset email inline rather than in the background.
- Remove unnecessary unsafe interpolation in erb templates.
[2.2.1] - August 7, 2020
... (truncated)
Commits
- 3691c23 [ci skip] v2.5.0 release
- 5bcab3d Fix open redirect vulnerability
- d1fade8 Update CI badge from Travis to Github
- d91c93b Update inch-ci branch from master to main
- 7c6c010 Update CI branch from master to main
- c8d561c Update readme with correct httponly default (#942)
- 6a284cc Fix AddClearanceToUsers down method (remove_index) (#931)
- 1d3be26 Update REXML version (#940)
- 729ed73 fix typo (#939)
- b4cf731 [ci skip] v2.4.0 release
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.