Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump sqlite3 from 1.4.4 to 1.5.3 in /src/supermarket/engines/fieri #2911

Closed
wants to merge 1 commit into from
Closed

Bump sqlite3 from 1.4.4 to 1.5.3 in /src/supermarket/engines/fieri #2911

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 12, 2022
edited
Loading

Bumps sqlite3 from 1.4.4 to 1.5.3.

Release notes

Sourced from sqlite3's releases.

1.5.3 / 2022-10-11

Fixed

  • Fixed installation of the "ruby" platform gem when building from source on Fedora. In v1.5.0..v1.5.2, installation failed on some systems due to the behavior of Fedora's pkg-config implementation. #355

sha256 checksums:

6780cc379c25a1395568cfd9a422024a0a18e7e2a39024f4120815b1a9d9ddec  sqlite3-1.5.3-aarch64-linux.gem
a8c09c5df83058712489ca7a5b072be8efb62db1d1c30fef4b64e386ff20a408  sqlite3-1.5.3-arm-linux.gem
ed25f7d3a8edc2d0a7b64c51dbb12665e45f750249e88937ae7a4ecdc4a53d13  sqlite3-1.5.3-arm64-darwin.gem
11cd815acd898c1dda022d8145365235fff29cdc2cc155f611c12d66ec925211  sqlite3-1.5.3-x64-mingw-ucrt.gem
10aea826628e6bd4339dccac74679cea6709b95adb78f2661b97101658ac998d  sqlite3-1.5.3-x64-mingw32.gem
c427322e6deb8807165ebb17d027aa8127ae267be2dba769574722f468c0815e  sqlite3-1.5.3-x86-linux.gem
6237622911b170eaf53fa931e3128656d027452acfffdd8cd2d0584f70a40376  sqlite3-1.5.3-x86_64-darwin.gem
12bc33cd1e063651985801a877463aad86645e3bd27d46577dced1a0a41b3826  sqlite3-1.5.3-x86_64-linux.gem
66524f404db0b697620b601dea6381b139e9ce6f47e8eb628759c8d6ddcb25c5  sqlite3-1.5.3.gem

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. #352

sha256 checksums:

94626203958f9abf5e7d28b0337af6d00fb10cabfc3d65e70eb95b878080a812  sqlite3-1.5.2-aarch64-linux.gem
ada7a8ec6b13165ebb56dfc8df9f896d2b41c78e92e2ba0b5bca969b6c376e1d  sqlite3-1.5.2-arm-linux.gem
472d837f79273bbfb7d626c787a0f3e9f0bd0a3855ed5bfee1ef70bee8808ced  sqlite3-1.5.2-arm64-darwin.gem
750bf833b72550244c672cb3467b68b5c89b3e8be2c893a2749cdbc3841ee898  sqlite3-1.5.2-x64-mingw-ucrt.gem
e750e17784cd76b59f5dd9a3366f9b0d76626872700f0f59194f2f4c439cbb01  sqlite3-1.5.2-x64-mingw32.gem
caf0a7717375addb46157b1090ad02316a9491531d69e2389f56058ce784518e  sqlite3-1.5.2-x86-linux.gem
caff6c75b13874ce828514a95aa437744e042390fdeb0f73decde16235d3fe2f  sqlite3-1.5.2-x86_64-darwin.gem
245f2ef5dd9c6a2b3df41b4af41fa659c8917d0cc231d4c1b03b4d199ae412e7  sqlite3-1.5.2-x86_64-linux.gem
9b3153b5703b4619534135c16ff7c4e8ba1adbd8548ff61bb4a002dd632bcd5e  sqlite3-1.5.2.gem

1.5.1 / 2022-09-29

Dependencies

... (truncated)

Changelog

Sourced from sqlite3's changelog.

1.5.3 / 2022-10-11

Fixed

  • Fixed installation of the "ruby" platform gem when building from source on Fedora. In v1.5.0..v1.5.2, installation failed on some systems due to the behavior of Fedora's pkg-config implementation. #355

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. #352

1.5.1 / 2022-09-29

Dependencies

  • Vendored sqlite is updated to v3.39.4.

Security

The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:

Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update.

In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

For more information please see GHSA-mgvv-5mxp-xq67.

1.5.0 / 2022-09-08

Packaging

Faster, more reliable installation

Native (precompiled) gems are available for Ruby 2.6, 2.7, 3.0, and 3.1 on all these platforms:

  • aarch64-linux
  • arm-linux
  • arm64-darwin
  • x64-mingw32 and x64-mingw-ucrt
  • x86-linux

... (truncated)

Commits
  • 12fc329 version bump to v1.5.3
  • 5ec7855 Merge pull request #355 from sparklemotion/354-work-around-fedora-pkgconf-lib...
  • c0b1bae ext: work around fedora pkgconf issue
  • 321df4e ci: reproduce fedora pkgconf issue
  • 5c443e2 version bump to v1.5.2
  • 5ab9cd8 Merge pull request #352 from sparklemotion/351-fix-tarball-packaging
  • d37f248 fix: native.rake and test-gem-file-contents use dependencies.yml
  • df549ed refactor: extract mini_portile recipe config to dependencies.yml
  • 8ab3ecc version bump to 1.5.1
  • b026da1 Merge pull request #349 from sparklemotion/flavorjones-update-sqlite-3.39.4
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump sqlite3 from 1.4.4 to 1.5.3 in /src/supermarket/engines/fieri
44250d4 
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.4.4 to 1.5.3.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/master/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v1.4.4...v1.5.3)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested review from a team as code owners October 12, 2022 13:03
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Oct 12, 2022
@dependabot dependabot bot mentioned this pull request Oct 12, 2022
Closed
@netlify
Copy link

netlify bot commented Oct 12, 2022

👷 Deploy Preview for chef-supermarket processing.

Name Link
🔨 Latest commit 44250d4
🔍 Latest deploy log https://app.netlify.com/sites/chef-supermarket/deploys/6346bb1b29e4480008bd8aa6

@sonarcloud
Copy link

sonarcloud bot commented Oct 12, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@RajeshPaul38 RajeshPaul38 mentioned this pull request Oct 17, 2022
Merged
5 tasks
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 7, 2022

Looks like sqlite3 is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Nov 7, 2022
@dependabot dependabot bot deleted the dependabot/bundler/src/supermarket/engines/fieri/sqlite3-1.5.3 branch November 7, 2022 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants