Packages changed: at augeas bind busybox-links editorconfig-core-c (0.12.4 -> 0.12.5) graphviz graphviz-addons ibus libcontainers-common (20210112 -> 20210626) libevdev libhandy (1.2.2 -> 1.2.3) libreoffice libstorage-ng (4.4.15 -> 4.4.19) memcached nmap openpgm perl-Convert-ASN1 perl-HTTP-Message (6.32 -> 6.33) perl-Net-SSLeay pipewire (0.3.30+55 -> 0.3.31) polari (3.38.0 -> 40.0) postfix rubygem-actioncable-5.2 (5.2.4.4 -> 5.2.6) rubygem-actioncable-6.0 (6.0.3.4 -> 6.0.4) rubygem-actionmailbox-6.0 (6.0.3.4 -> 6.0.4) rubygem-actionmailer-5.2 (5.2.4.4 -> 5.2.6) rubygem-actionmailer-6.0 (6.0.3.4 -> 6.0.4) rubygem-actionpack-5.2 (5.2.4.4 -> 5.2.6) rubygem-actionpack-6.0 (6.0.3.4 -> 6.0.4) rubygem-actiontext-6.0 (6.0.3.4 -> 6.0.4) rubygem-actionview-5.2 (5.2.4.4 -> 5.2.6) rubygem-actionview-6.0 (6.0.3.4 -> 6.0.4) rubygem-activejob-5.2 (5.2.4.4 -> 5.2.6) rubygem-activejob-6.0 (6.0.3.4 -> 6.0.4) rubygem-activemodel-5.2 (5.2.4.4 -> 5.2.6) rubygem-activemodel-6.0 (6.0.3.4 -> 6.0.4) rubygem-activerecord-5.2 (5.2.4.4 -> 5.2.6) rubygem-activerecord-6.0 (6.0.3.4 -> 6.0.4) rubygem-activestorage-5.2 (5.2.4.4 -> 5.2.6) rubygem-activestorage-6.0 (6.0.3.4 -> 6.0.4) rubygem-activesupport-5.2 (5.2.4.4 -> 5.2.6) rubygem-activesupport-6.0 (6.0.3.4 -> 6.0.4) rubygem-bundler (2.2.17 -> 2.2.21) rubygem-bundler-audit (0.7.0.1 -> 0.8.0) rubygem-chef-utils (16.9.29 -> 17.2.29) rubygem-commander (4.5.2 -> 4.6.0) rubygem-debug_inspector (1.0.0 -> 1.1.0) rubygem-delayed_job_active_record (4.1.5 -> 4.1.6) rubygem-devise (4.7.3 -> 4.8.0) rubygem-devise-i18n (1.9.2 -> 1.10.0) rubygem-docile (1.3.5 -> 1.4.0) rubygem-dry-configurable (0.12.0 -> 0.12.1) rubygem-dry-container (0.7.2 -> 0.8.0) rubygem-dry-core (0.5.0 -> 0.6.0) rubygem-dry-logic (1.1.0 -> 1.2.0) rubygem-dry-types (1.4.0 -> 1.5.1) rubygem-font-awesome-rails (4.7.0.6 -> 4.7.0.7) rubygem-grape (1.5.1 -> 1.5.3) rubygem-hoe (3.22.3 -> 3.23.0) rubygem-http-cookie (1.0.3 -> 1.0.4) rubygem-js-routes (1.4.14 -> 2.0.7) rubygem-jwt (2.2.2 -> 2.2.3) rubygem-kgio (2.11.3 -> 2.11.4) rubygem-liquid (5.0.0 -> 5.0.1) rubygem-loofah (2.9.1 -> 2.10.0) rubygem-marcel (0.3.3 -> 1.0.1) rubygem-mixlib-authentication (3.0.7 -> 3.0.10) rubygem-mixlib-shellout (3.2.2 -> 3.2.5) rubygem-moneta (1.4.1 -> 1.4.2) rubygem-nokogiri (1.11.6 -> 1.11.7) rubygem-oauth2 (1.4.4 -> 1.4.7) rubygem-omniauth (2.0.1 -> 2.0.4) rubygem-omniauth-google-oauth2 (0.8.1 -> 1.0.0) rubygem-passenger rubygem-pry (0.13.1 -> 0.14.1) rubygem-puma-4 (4.3.7 -> 4.3.8) rubygem-rack-oauth2 (1.16.0 -> 1.17.0) rubygem-rack-proxy (0.6.5 -> 0.7.0) rubygem-rails-5.2 (5.2.4.4 -> 5.2.6) rubygem-rails-6.0 (6.0.3.4 -> 6.0.4) rubygem-railties-5.2 (5.2.4.4 -> 5.2.6) rubygem-railties-6.0 (6.0.3.4 -> 6.0.4) rubygem-raindrops (0.19.1 -> 0.19.2) rubygem-rice (3.0.0 -> 4.0.2) rubygem-ruby_parser (3.15.1 -> 3.16.0) rubygem-rubyntlm (0.6.2 -> 0.6.3) rubygem-sdoc (2.0.3 -> 2.2.0) rubygem-semantic_range (2.3.1 -> 3.0.0) rubygem-sexp_processor (4.15.2 -> 4.15.3) rubygem-simplecov_json_formatter (0.1.2 -> 0.1.3) rubygem-slop (4.8.2 -> 4.9.1) rubygem-terminal-table (2.0.0 -> 3.0.1) rubygem-timers (4.3.2 -> 4.3.3) rubygem-winrm (2.3.5 -> 2.3.6) sendmail (8.16.1 -> 8.17.0.3) snapper totem-pl-parser (3.26.5 -> 3.26.6) tpm2-0-tss vim (8.2.2918 -> 8.2.3075) wxWidgets-3_2-nostl xdelta3 yast2-firstboot (4.4.1 -> 4.4.2) zeromq === Details === ==== at ==== - Change to using systemd-sysusers ==== augeas ==== Subpackages: augeas-lenses libaugeas0 - add remove-unportable-tests.patch to fix build ==== bind ==== Subpackages: bind-doc bind-utils python3-bind - Add patch bind-fix-build-with-older-sphinx.patch and sed fix in order to build with older distributions. ==== busybox-links ==== Subpackages: busybox-coreutils busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-psmisc busybox-sed busybox-sendmail busybox-util-linux busybox-xz - Add util-linux-systemd as BuildRequires ==== editorconfig-core-c ==== Version update (0.12.4 -> 0.12.5) - editorconfig-core-c 0.12.5: * Fix memory leak which would occur if no .editorconfig files were found in the file's ancestry or if an error occurred while ingesting values. ==== graphviz ==== Subpackages: graphviz-plugins-core libgraphviz6 - Update graphviz-2.20.2-interpreter_names.patch so the Python demo uses Python 3. ==== graphviz-addons ==== Subpackages: graphviz-gd graphviz-gnome - Update graphviz-2.20.2-interpreter_names.patch so the Python demo uses Python 3. ==== ibus ==== Subpackages: ibus-dict-emoji ibus-gtk ibus-gtk-32bit ibus-gtk3 ibus-lang libibus-1_0-5 libibus-1_0-5-32bit typelib-1_0-IBus-1_0 - Rollback ibus-socket-name-compatibility.patch for Leap 15. Qt5 does not be updated to the new version or patch for ibus on Leap 15. It still needs this patch on leap 15 (boo#1187202). ==== libcontainers-common ==== Version update (20210112 -> 20210626) - Mention libcontainers-common.rpmlintrc as source - Use versioned obsoletes - Update common to 0.38.11 - Update podman to 3.2.2 - Update storage to 1.32.5 - Update image to 5.13.2 ==== libevdev ==== Subpackages: libevdev-devel libevdev-tools libevdev2 - It is actually not necessary to use python2, python3 works as well. ==== libhandy ==== Version update (1.2.2 -> 1.2.3) Subpackages: libhandy-1-0 libhandy-lang typelib-1_0-Handy-1_0 - Update to version 1.2.3: + HdySqueezer: Fix a size allocation issue. + HdyTabBar: Fix a leak. + HdyAvatar: Fix getting the pixbuf from the avatar. + HdyClamp: Fix using "size" and not "width" in the documentation. + HdyDeck and HdyLeaflet: Null check a child before using it when looking for a swipeable one. + Specify the translation domain in UI files. + Remove some unused code. + Updated translations. ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Fix bsc#1187173 and bsc#1186871: fix component handling for ucpdav1 when --with-webdav=serf * bsc1187173.patch ==== libstorage-ng ==== Version update (4.4.15 -> 4.4.19) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#818 - fixed action dependency generation when certain LVM and btrfs quota action are present - added unit test - more detailed exception messages - 4.4.19 - merge gh#openSUSE/libstorage-ng#817 - allow trailing newlines in json parser - 4.4.18 - merge gh#openSUSE/libstorage-ng#816 - new exceptions for invalid stripe and chunk sizes - 4.4.17 - merge gh#openSUSE/libstorage-ng#815 - added functions to validate LVM VG and LV names - preceded LVM VG and LV name by '--' during command invocation - added notes - work on LVM support - 4.4.16 ==== memcached ==== - Change to using systemd-sysusers ==== nmap ==== - Also guard the python-devel BuildRequires if we're building for Python 2 ==== openpgm ==== - Add use_python3.patch to allow use of Python3 instead of Python2 for generating files. ==== perl-Convert-ASN1 ==== - Fix autoupdate: Update spec file - Rebase Convert-ASN1-0.22-test.diff and rename it to perl-Convert-ASN1-0.31-test.patch ==== perl-HTTP-Message ==== Version update (6.32 -> 6.33) - updated to 6.33 see /usr/share/doc/packages/perl-HTTP-Message/Changes 6.33 2021-06-28 16:51:58Z - Allow `can` method to respond to delegated methods (GH#159) (nanto_vi, TOYAMA Nao) ==== perl-Net-SSLeay ==== - Fix cpanspec.yml preamble section. ==== pipewire ==== Version update (0.3.30+55 -> 0.3.31) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add %pre and %post sections to the new media-session subpackage. - Move the references to the media-session service from the workaround in pipewire's %post section to the workaround in the new subpackage's %post section. - Update to 0.3.31: * Highlights - Fixes for alsa-lib 1.2.5 - New pulseaudio modules: module-avahi-zeroconf, module-pipe-source, module-roc-sink, module-roc-source - JACK has seen massive stability improvements. Locking and correctness wrt to callbacks and has been reworked. Also thread priorities have improved. - Handle various crashes and lockups when running out of file descriptors. - Bluetooth now uses a hardware database to disable non-working features on listed devices. - Scheduling quantum and rate can now be changed dynamically with pw-metadata. - Many bugfixes and improvements. * PipeWire - Improve cleanup of context in error cases. - There is now a pw-test framework for improved unit tests. - Improve property serialization to valid JSON. - Fix some macros to work with better with coverity. - Metadata permissions are checked now. Clients need the M permission on an object to be able to set metadata for it. - The core metadata object will now remove metadata for removed objects, the implementor does not need to worry about that anymore. - Audioadapter will now follow the rate of the graph with the resampler adjusting itself dynamically. - Core now has a metadata implementation helper. A context will expose a metadata with settings that can be changed at runtime. This can be used to change the lowlevel or graph quantum and samplerate on the fly. - An infinite loop was fixed in the audio converter. - Handle out-of-fds more gracefully. Handle truncated control data by dropping the client connection. - Fix profiler crash with many streams. - Improve latency handling in pw-filter. There is now a default handler and a ProcessLatency parameter to simplify latency reporting. - Latency reporting was improved in devices and streams. - And example sink/source was added. * ALSA - hardware mute and volume are now properties on the Route param to make things easier. - More fixes for alsa-ucm 1.2.5. * Tools - spa-json-dump now properly encodes string and keys - pw-dump now shows the correct subject of the metadata. * PulseAudio server - Ensure the node.description is set, some applications crash otherwise (TeamSpeak). - Module loading and unloading was improved. - module-avahi-zeroconf was implemented. - module-pipe-source was implemented - module-roc-sink and module-roc-source was implemented - The maximum amount of connections has been limited to 64, like pulseaudio. - Handle out-of-fds more gracefully. - Fix overflow of read/write pointers. - source and sink state are now decoupled from the monitor state and will report IDLE when not playing anything. * media-session - Port switching should now happen to/from the port that actually changed. * JACK - The locking was reviewed. All callbacks are not emited from the PipeWire thread with the lock released and the process function will be disabled for the duration of the callback. This ensures that no two callbacks are called at the same time. - Improve internal consistency and try to never call callbacks with invalid objects. - Monitor port can now be accessed with system:monitor_%d - client threads are now created with SCHED_FIFO and module-rt is used to create the other RT threads. This should avoid SIGKILL from RTKit in some cases. * Bluetooth - Various bugfixes to improve connections to devices. - Handle delayed UUID connection. - There is now a hardware database that can disable features in listed devices. - Use libusb to detect availability of mSBC. * ALSA - The virtual device name can now also contain a media role. - Add BuildRequires(libusb-1.0) to detect mSBC support for Bluetooth. - Move media-session to a separate package (similar to Fedora), allowing to switch to another session manager. ==== polari ==== Version update (3.38.0 -> 40.0) Subpackages: polari-lang - Fold typelib-1_0-Polari-1_0 into the main package: the .typelib file is installed in a private gi-repository. - Obsolete the old package name to ease upgrades. - Update to version 40.0: + Promisify async operations. - Changes from version 3.38.1: + Add hackint to predefined networks. + Add Libera.Chat to predefined networks. + Promote Libera.Chat over Freenode. + Update OFTC server list. + Misc. bug fixes and cleanups. + Updated translations. ==== postfix ==== Subpackages: postfix-doc - postfix-mysql * add mysql_relay_recipient_maps.cf - postfix-SUSE * rework sysconfig.postfix, add - POSTFIX_RELAY_RECIPIENTS - POSTFIX_BACKUPMX * add relay_recipients * rework config.postfix for main.cf - is_backupmx - relay_recipient_maps - Add now working CONFIG parameter to sysusers generator ==== rubygem-actioncable-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-actioncable-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * No changes. [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (May 04, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-actionmailbox-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * No changes. [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-actionmailer-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-actionmailer-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * No changes. [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-actionpack-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * Accept base64_urlsafe CSRF tokens to make forward compatible. Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. In this version, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility. How the tokes are encoded is controllr by the `action_controller.urlsafe_csrf_tokens` config. In Rails 5.2.5, the CSRF token format was accidentally changed to urlsafe-encoded. * *Atention**: If you already upgraded your application to 5.2.5, set the config `urlsafe_csrf_tokens` to `true`, otherwise your form submission will start to fail during the deploy of this new version. ```ruby Rails.application.config.action_controller.urlsafe_csrf_tokens = true ``` If you are upgrading from 5.2.4.x, you don't need to change this configuration. * Scott Blum*, *Étienne Barrié* [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * Prevent regex DoS in HTTP token authentication CVE-2021-22904 * Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885 * Gannon McGibbon* [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-actionpack-6.0 ==== Version update (6.0.3.4 -> 6.0.4) Subpackages: ruby2.7-rubygem-actionpack-6.0 ruby3.0-rubygem-actionpack-6.0 updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * Accept base64_urlsafe CSRF tokens to make forward compatible. Base64 strict-encoded CSRF tokens are not inherently websafe, which makes them difficult to deal with. For example, the common practice of sending the CSRF token to a browser in a client-readable cookie does not work properly out of the box: the value has to be url-encoded and decoded to survive transport. In Rails 6.1, we generate Base64 urlsafe-encoded CSRF tokens, which are inherently safe to transport. Validation accepts both urlsafe tokens, and strict-encoded tokens for backwards compatibility. In Rails 5.2.5, the CSRF token format is accidentally changed to urlsafe-encoded. If you upgrade apps from 5.2.5, set the config `urlsafe_csrf_tokens = true`. ```ruby Rails.application.config.action_controller.urlsafe_csrf_tokens = true ``` * Scott Blum*, *Étienne Barrié* * Signed and encrypted cookies can now store `false` as their value when `action_dispatch.use_cookies_with_metadata` is enabled. * Rolandas Barysas* [#]# Rails 6.0.3.7 (May 05, 2021) ## * Prevent catastrophic backtracking during mime parsing CVE-2021-22902 * Prevent regex DoS in HTTP token authentication CVE-2021-22904 * Prevent string polymorphic route arguments. `url_for` supports building polymorphic URLs via an array of arguments (usually symbols and records). If a developer passes a user input array, strings can result in unwanted route helper calls. CVE-2021-22885 * Gannon McGibbon* [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * Prevent open redirect when allowed host starts with a dot [CVE-2021-22881] Thanks to @tktech (https://hackerone.com/tktech) for reporting this issue and the patch! * Aaron Patterson* ==== rubygem-actiontext-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * No changes. [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-actionview-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-actionview-6.0 ==== Version update (6.0.3.4 -> 6.0.4) Subpackages: ruby2.7-rubygem-actionview-6.0 ruby3.0-rubygem-actionview-6.0 updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * SanitizeHelper.sanitized_allowed_attributes and SanitizeHelper.sanitized_allowed_tags call safe_list_sanitizer's class method Fixes #39586 * Taufiq Muhammadi* [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-activejob-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-activejob-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * No changes. [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-activemodel-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-activemodel-6.0 ==== Version update (6.0.3.4 -> 6.0.4) Subpackages: ruby2.7-rubygem-activemodel-6.0 ruby3.0-rubygem-activemodel-6.0 updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * No changes. [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-activerecord-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * Fix possible DoS vector in PostgreSQL money type Carefully crafted input can cause a DoS via the regular expressions used for validating the money format in the PostgreSQL adapter. This patch fixes the regexp. Thanks to @dee-see from Hackerone for this patch! [CVE-2021-22880] * Aaron Patterson* ==== rubygem-activerecord-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * Only warn about negative enums if a positive form that would cause conflicts exists. Fixes #39065. * Alex Ghiculescu* * Allow the inverse of a `has_one` association that was previously autosaved to be loaded. Fixes #34255. * Steven Weber* * Reset statement cache for association if `table_name` is changed. Fixes #36453. * Ryuta Kamizono* * Type cast extra select for eager loading. * Ryuta Kamizono* * Prevent collection associations from being autosaved multiple times. Fixes #39173. * Eugene Kenny* * Resolve issue with insert_all unique_by option when used with expression index. When the `:unique_by` option of `ActiveRecord::Persistence.insert_all` and `ActiveRecord::Persistence.upsert_all` was used with the name of an expression index, an error was raised. Adding a guard around the formatting behavior for the `:unique_by` corrects this. Usage: ```ruby create_table :books, id: :integer, force: true do |t| t.column :name, :string t.index "lower(name)", unique: true end Book.insert_all [{ name: "MyTest" }], unique_by: :index_books_on_lower_name ``` Fixes #39516. * Austen Madden* * Fix preloading for polymorphic association with custom scope. * Ryuta Kamizono* * Allow relations with different SQL comments in the `or` method. * Takumi Shotoku* * Resolve conflict between counter cache and optimistic locking. Bump an Active Record instance's lock version after updating its counter cache. This avoids raising an unnecessary `ActiveRecord::StaleObjectError` upon subsequent transactions by maintaining parity with the corresponding database record's `lock_version` column. Fixes #16449. * Aaron Lipman* * Fix through association with source/through scope which has joins. * Ryuta Kamizono* * Fix through association to respect source scope for includes/preload. * Ryuta Kamizono* * Fix eager load with Arel joins to maintain the original joins order. * Ryuta Kamizono* * Fix group by count with eager loading + order + limit/offset. * Ryuta Kamizono* * Fix left joins order when merging multiple left joins from different associations. * Ryuta Kamizono* * Fix index creation to preserve index comment in bulk change table on MySQL. * Ryuta Kamizono* * Change `remove_foreign_key` to not check `:validate` option if database doesn't support the feature. * Ryuta Kamizono* * Fix the result of aggregations to maintain duplicated "group by" fields. * Ryuta Kamizono* * Do not return duplicated records when using preload. * Bogdan Gusiev* [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * Fix possible DoS vector in PostgreSQL money type Carefully crafted input can cause a DoS via the regular expressions used for validating the money format in the PostgreSQL adapter. This patch fixes the regexp. Thanks to @dee-see from Hackerone for this patch! [CVE-2021-22880] * Aaron Patterson* ==== rubygem-activestorage-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed mime types data. * George Claghorn* * The Poppler PDF previewer renders a preview image using the original document's crop box rather than its media box, hiding print margins. This matches the behavior of the MuPDF previewer. * Vincent Robert* [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-activestorage-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * The Poppler PDF previewer renders a preview image using the original document's crop box rather than its media box, hiding print margins. This matches the behavior of the MuPDF previewer. * Vincent Robert* [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed mime types data. * George Claghorn* [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-activesupport-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-activesupport-6.0 ==== Version update (6.0.3.4 -> 6.0.4) Subpackages: ruby2.7-rubygem-activesupport-6.0 ruby3.0-rubygem-activesupport-6.0 updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * Fixed issue in `ActiveSupport::Cache::RedisCacheStore` not passing options to `read_multi` causing `fetch_multi` to not work properly. * Rajesh Sharma* * `with_options` copies its options hash again to avoid leaking mutations. Fixes #39343. * Eugene Kenny* [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-bundler ==== Version update (2.2.17 -> 2.2.21) updated to version 2.2.21 see installed CHANGELOG.md [#] 2.2.21 (June 23, 2021) [#]# Security fixes: - Auto-update insecure lockfile to split GEM source sections whenever possible [#4647](https://github.com/rubygems/rubygems/pull/4647) [#]# Enhancements: - Use a more limited number of threads when fetching in parallel from the Compact Index API [#4670](https://github.com/rubygems/rubygems/pull/4670) - Update TODO link in bundle gem template to https [#4671](https://github.com/rubygems/rubygems/pull/4671) [#]# Bug fixes: - Fix `bundle install --local` hitting the network when `cache_all_platforms` configured [#4677](https://github.com/rubygems/rubygems/pull/4677) [#] 2.2.20 (June 11, 2021) [#]# Enhancements: - Don't print bug report template on server side errors [#4663](https://github.com/rubygems/rubygems/pull/4663) - Don't load `resolv` unnecessarily [#4640](https://github.com/rubygems/rubygems/pull/4640) [#]# Bug fixes: - Fix `bundle outdated` edge case [#4648](https://github.com/rubygems/rubygems/pull/4648) - Fix `bundle check` with scoped rubygems sources [#4639](https://github.com/rubygems/rubygems/pull/4639) [#]# Performance: - Don't use `extra_rdoc_files` with md files in gemspec to make installing bundler with docs faster [#4628](https://github.com/rubygems/rubygems/pull/4628) [#] 2.2.19 (May 31, 2021) [#]# Bug fixes: - Restore support for configuration keys with dashes [#4582](https://github.com/rubygems/rubygems/pull/4582) - Fix some cached gems being unintentionally ignored when using rubygems 3.2.18 [#4623](https://github.com/rubygems/rubygems/pull/4623) [#] 2.2.18 (May 25, 2021) [#]# Security fixes: - Fix dependency confusion issues with implicit dependencies [#4609](https://github.com/rubygems/rubygems/pull/4609) [#]# Enhancements: - Use simpler notation for generated `required_ruby_version` [#4598](https://github.com/rubygems/rubygems/pull/4598) - Undeprecate bundle show [#4586](https://github.com/rubygems/rubygems/pull/4586) - Make sure link to new issue uses the proper template [#4592](https://github.com/rubygems/rubygems/pull/4592) [#]# Bug fixes: - Fix platform specific gems being removed from the lockfile [#4580](https://github.com/rubygems/rubygems/pull/4580) ==== rubygem-bundler-audit ==== Version update (0.7.0.1 -> 0.8.0) updated to version 0.8.0 see installed ChangeLog.md [#]## 0.8.0 / 2021-03-10 * No longer vendor [ruby-advisory-db]. * Added {Bundler::Audit::Configuration}. * Supports loading YAML configuration data from a `.bundler-audit.yml` file. * Added {Bundler::Audit::Results}. * Added {Bundler::Audit::Report}. * Added {Bundler::Audit::CLI::Formats}. * Added {Bundler::Audit::CLI::Formats::Text}. * Added {Bundler::Audit::CLI::Formats::JSON}. * Added {Bundler::Audit::Database::DEFAULT_PATH}. * Added {Bundler::Audit::Database.exists?}. * Added {Bundler::Audit::Database#git?}. * Added {Bundler::Audit::Database#update!}. * Will raise a {Bundler::Audit::Database::UpdateFailed UpdateFailed} exception, if the `git pull` command fails. * Added {Bundler::Audit::Database#last_updated_at}. * Added {Bundler::Audit::Scanner#report}. * {Bundler::Audit::Database::USER_PATH} is now `Gem.user_home` aware. * `Gem.user_home` will try to infer `HOME`, even if it is not set. * {Bundler::Audit::Database#download} will now raise a {Bundler::Audit::Database::DownloadFailed DownloadFailed} exception, if the `git clone` command fails. * {Bundler::Audit::Scanner#initialize}: * Now accepts an additional `database` and `config_dot_file` arguments. * Will now raise a `Bundler::GemfileLockNotFound` exception, if the given `Gemfile.lock` file cannot be found. * {Bundler::Audit::Scanner#scan_sources} will now ignore any source with a `127.0.0.0/8` or `::1/128` IP address. * {Bundler::Audit::Scanner#scan_specs} will ignore any advisories listed in {Bundler::Audit::Configuration#ignore}, which is loaded from the `.bundler-audit.yml` file. * Deprecated {Bundler::Audit::Database.update!} in favor of {Bundler::Audit::Database#update! #update!}. * Removed `Bundler::Audit::Database::VENDORED_PATH`. * Removed `Bundler::Audit::Database::VENDORED_TIMESTAMP`. [#]### CLI * Require [thor] ~> 1.0. * Added `bundler-audit stats`. * Added `bundler-audit download`. * `bundler-audit check`: * Now accepts a optional `DIR` argument for the project directory. * `bundler-audit check` will now print an explicit error message and exit, if the given `DIR` does not exist. * Will now auto-download [ruby-advisory-db] to ensure the latest advisory information is used on first run. * Now supports a `--database` option for specifying a path to an alternative [ruby-advisory-db] copy. * Now supports a `--gemfile-lock` option for specifying a custom `Gemfile.lock` file within the project directory. * Now supports a `--format` option for specifying the desired format. `text` and `json` are supported, but other custom formats can be loaded. See {Bundler::Audit::CLI::Formats}. * Now supports a `--output` option for writing the report output to a file. * Prints both CVE and GHSA IDs. * Print all error messages to stderr. * No longer print number of advisories in `bundler-audit version`. ==== rubygem-chef-utils ==== Version update (16.9.29 -> 17.2.29) updated to version 17.2.29 no changelog found ==== rubygem-commander ==== Version update (4.5.2 -> 4.6.0) updated to version 4.6.0 see installed History.rdoc === 4.6.0 / 2021-04-09 * Fix error with SortedSet on Ruby 3.0 (#98). * Remove `#reset_io` as it didn't do anything. * Drop support for Ruby < 2.4. ==== rubygem-debug_inspector ==== Version update (1.0.0 -> 1.1.0) updated to version 1.1.0 no changelog found ==== rubygem-delayed_job_active_record ==== Version update (4.1.5 -> 4.1.6) updated to version 4.1.6 no changelog found ==== rubygem-devise ==== Version update (4.7.3 -> 4.8.0) updated to version 4.8.0 see installed CHANGELOG.md [#]## unreleased [#]## 4.8.0 - 2021-04-29 * enhancements * Devise now enables the upgrade of OmniAuth 2+. Previously Devise would raise an error if you'd try to upgrade. Please note that OmniAuth 2 is considered a security upgrade and recommended to everyone. You can read more about the details (and possible necessary changes to your app as part of the upgrade) in [their release notes](https://github.com/omniauth/omniauth/releases/tag/v2.0.0). [Devise's OmniAuth Overview wiki](https://github.com/heartcombo/devise/wiki/OmniAuth:-Overview) was also updated to cover OmniAuth 2.0 requirements. - Note that the upgrade required Devise shared links that initiate the OmniAuth flow to be changed to `method: :post`, which is now a requirement for OmniAuth, part of the security improvement. If you have copied and customized the Devise shared links partial to your app, or if you have other links in your app that initiate the OmniAuth flow, they will have to be updated to use `method: :post`, or changed to use buttons (e.g. `button_to`) to work with OmniAuth 2. (if you're using links with `method: :post`, make sure your app has `rails-ujs` or `jquery-ujs` included in order for these links to work properly.) - As part of the OmniAuth 2.0 upgrade you might also need to add the [`omniauth-rails_csrf_protection`](https://github.com/cookpad/omniauth-rails_csrf_protection) gem to your app if you don't have it already. (and you don't want to roll your own code to verify requests.) Check the OmniAuth v2 release notes for more info. * Introduce `Lockable#reset_failed_attempts!` model method to reset failed attempts counter to 0 after the user signs in. - This logic existed inside the lockable warden hook and is triggered automatically after the user signs in. The new model method is an extraction to allow you to override it in the application to implement things like switching to a write database if you're using the new multi-DB infrastructure from Rails for example, similar to how it's already possible with `Trackable#update_tracked_fields!`. * Add support for Ruby 3. * Add support for Rails 6.1. * Move CI to GitHub Actions. * deprecations * `Devise::Models::Authenticatable::BLACKLIST_FOR_SERIALIZATION` is deprecated in favor of `Devise::Models::Authenticatable::UNSAFE_ATTRIBUTES_FOR_SERIALIZATION` (@hanachin) ==== rubygem-devise-i18n ==== Version update (1.9.2 -> 1.10.0) updated to version 1.10.0 no changelog found ==== rubygem-docile ==== Version update (1.3.5 -> 1.4.0) updated to version 1.4.0 see installed HISTORY.md ==== rubygem-dry-configurable ==== Version update (0.12.0 -> 0.12.1) updated to version 0.12.1 see installed CHANGELOG.md [#]# 0.12.1 2021-02-15 [#]## Added - Settings may be specified with a `cloneable` option, e.g. ```ruby setting :component_dirs, Configuration::ComponentDirs.new, cloneable: true ``` This change makes it possible to provide ?rich? config values that carry their own configuration interface. In the above example, `ComponentDirs` could provide its own API for adding component dirs and configuring aspects of their behavior at the same time. By being passed to the setting along with `cloneable: true`, dry-configurable will ensure the setting's values are cloned along with the setting at all the appropriate times. A custom cloneable setting value should provide its own `#initialize_copy` (used by `Object#dup`) with the appropriate logic. (@timriley in #102) [#]## Fixed - Only `#initialize` instance method is prepended, leaving the rest of the instance methods to be included as normal again. This allows classes including `Dry::Configurable` to override instance methods with their own methods as required (@adam12 in #103) [Compare v0.12.0...v0.12.1](https://github.com/dry-rb/dry-configurable/compare/v0.12.0...v0.12.1) ==== rubygem-dry-container ==== Version update (0.7.2 -> 0.8.0) updated to version 0.8.0 see installed CHANGELOG.md ==== rubygem-dry-core ==== Version update (0.5.0 -> 0.6.0) updated to version 0.6.0 see installed CHANGELOG.md ==== rubygem-dry-logic ==== Version update (1.1.0 -> 1.2.0) updated to version 1.2.0 see installed CHANGELOG.md [#]# 1.2.0 2021-04-26 [#]## Added - Add predicate and operation builder DSL (@oleander) [Compare v1.1.1...v1.2.0](https://github.com/dry-rb/dry-logic/compare/v1.1.1...v1.2.0) [#]# 1.1.1 2021-04-14 [#]## Fixed - Fixed a crash under jruby caused by arg splatting in Binary operations (@flash-gordon) [Compare v1.1.0...v1.1.1](https://github.com/dry-rb/dry-logic/compare/v1.1.0...v1.1.1) ==== rubygem-dry-types ==== Version update (1.4.0 -> 1.5.1) updated to version 1.5.1 see installed CHANGELOG.md [#]# 1.5.1 2021-02-16 [#]## Fixed - Add missing requires for internal usage of `Dry::Equalizer` (@timriley in #418) [Compare v1.5.0...v1.5.1](https://github.com/dry-rb/dry-types/compare/v1.5.0...v1.5.1) [#]# 1.5.0 2021-01-21 [#]## Added - Wrapping constructor types :tada: (@flash-gordon) Constructor blocks can have a second argument. The second argument is the underlying type itself: ```ruby age_from_year = Dry::Types['coercible.integer'].constructor do |input, type| Date.today.year - type.(input) end age_from_year.('2000') # => 21 ``` With wrapping constructors you have control over "type application". You can even run it more than once: ```ruby inc = Dry::Types['integer'].constructor(&:succ) inc2x = inc.constructor { _2.(_2.(_2.(_1))) } inc2x.(10) # => 13 ``` - Fallbacks :tada: (@flash-gordon) ```ruby age = Dry::Types['coercible.ineger'].fallback(18) age.('10') # => 10 age.('20') # => 20 age.('abc') # => 18 ``` Fallbacks are different from default values: the later will be evaluated only when *no input* provided. Under the hood, `.fallback` creates a wrapping constructor. - `params.string` as an alias for `strict.string`. This addition should be non-breaking (@flash-gordon) - API for defining custom type builders similar to `.default`, `.constructor`, or `.optional` (@flash-gordon) ```ruby [#] Making an alias for `.fallback` Dry::Types.define_builder(:or) { |type, v| type.fallback(v) } [#] Using new builder type = Dry::Types['integer'].or(-273) type.(:invalid) # => -273 ``` [#]## Changed - Inferring predicates from class names is deprecated. It's very unlikely your code depends on it, however, if it does, you'll get an exception with instructions. (@flash-gordon) If you don't rely on inferring, just disable it with: ```ruby Dry::Types::PredicateInferrer::Compiler.infer_predicate_by_class_name false ``` Otherwise, enable it explicitly: ```ruby Dry::Types::PredicateInferrer::Compiler.infer_predicate_by_class_name true ``` [Compare v1.4.0...v1.5.0](https://github.com/dry-rb/dry-types/compare/v1.4.0...v1.5.0) ==== rubygem-font-awesome-rails ==== Version update (4.7.0.6 -> 4.7.0.7) updated to version 4.7.0.7 no changelog found ==== rubygem-grape ==== Version update (1.5.1 -> 1.5.3) updated to version 1.5.3 see installed CHANGELOG.md [#]## 1.5.3 (2021/03/07) [#]### Fixes * [#2161](https://github.com/ruby-grape/grape/pull/2157): Handle EOFError from Rack when given an empty multipart body - [@bschmeck](https://github.com/bschmeck). * [#2162](https://github.com/ruby-grape/grape/pull/2162): Corrected a hash modification while iterating issue - [@Jack12816](https://github.com/Jack12816). * [#2164](https://github.com/ruby-grape/grape/pull/2164): Fix: `coerce_with` is now called for params with `nil` value - [@braktar](https://github.com/braktar). [#]## 1.5.2 (2021/02/06) [#]### Features * [#2157](https://github.com/ruby-grape/grape/pull/2157): Custom types can set a message to be used in the response when invalid - [@dnesteryuk](https://github.com/dnesteryuk). * [#2145](https://github.com/ruby-grape/grape/pull/2145): Ruby 3.0 compatibility - [@ericproulx](https://github.com/ericproulx). * [#2143](https://github.com/ruby-grape/grape/pull/2143): Enable GitHub Actions with updated RuboCop and Danger - [@anakinj](https://github.com/anakinj). [#]### Fixes * [#2144](https://github.com/ruby-grape/grape/pull/2144): Fix compatibility issue with activesupport 6.1 and XML serialization of arrays - [@anakinj](https://github.com/anakinj). * [#2137](https://github.com/ruby-grape/grape/pull/2137): Fix typos - [@johnny-miyake](https://github.com/johnny-miyake). * [#2131](https://github.com/ruby-grape/grape/pull/2131): Fix Ruby 2.7 keyword deprecation warning in validators/coerce - [@K0H205](https://github.com/K0H205). * [#2132](https://github.com/ruby-grape/grape/pull/2132): Use #ruby2_keywords for correct delegation on Ruby <= 2.6, 2.7 and 3 - [@eregon](https://github.com/eregon). * [#2152](https://github.com/ruby-grape/grape/pull/2152): Fix configuration method inside namespaced params - [@fsainz](https://github.com/fsainz). ==== rubygem-hoe ==== Version update (3.22.3 -> 3.23.0) updated to version 3.23.0 see installed History.rdoc === 3.23.0 / 2021-05-29 * 2 minor enhancements: * Bump racc (plugin) dependency. * Removed ruby18! and ruby19! methods. ugh ==== rubygem-http-cookie ==== Version update (1.0.3 -> 1.0.4) updated to version 1.0.4 see installed CHANGELOG.md [#]# Unreleased - Support Mozilla's cookie storage format up to version 7. - Fix the time representation with creationTime and lastAccessed in MozillaStore. (#8) ==== rubygem-js-routes ==== Version update (1.4.14 -> 2.0.7) updated to version 2.0.7 see installed CHANGELOG.md [#]# v2.0.7 * Remove source map annotation from JS file. Fixes [#277](https://github.com/railsware/js-routes/issues/277) * Generated file is not minified, so it is better to use app side bundler/compressor for source maps [#]# v2.0.6 * Disable `namespace` option default for all envs [#278](https://github.com/railsware/js-routes/issues/278) [#]# v2.0.5 * Fixed backward compatibility issue [#276](https://github.com/railsware/js-routes/issues/276) [#]# v2.0.4 * Fixed backward compatibility issue [#275](https://github.com/railsware/js-routes/issues/275) [#]# v2.0.3 * Fixed backward compatibility issue [#275](https://github.com/railsware/js-routes/issues/275) [#]# v2.0.2 * Fixed backward compatibility issue [#274](https://github.com/railsware/js-routes/issues/274) [#]# v2.0.1 * Fixed backward compatibility issue [#272](https://github.com/railsware/js-routes/issues/272) [#]# v2.0.0 Version 2.0 has some breaking changes. See [UPGRADE TO 2.0](./VERSION_2_UPGRADE.md) for guidance. * `module_type` option support * `documentation` option spport * Migrated implementation to typescript * ESM tree shaking support * Support camel case `toParam` version of `to_param` property ==== rubygem-jwt ==== Version update (2.2.2 -> 2.2.3) updated to version 2.2.3 see installed CHANGELOG.md [#]# [2.2.3](https://github.com/jwt/ruby-jwt/tree/2.2.3) (2021-04-19) [Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.2...2.2.3) * *Implemented enhancements:** - Verify algorithm before evaluating keyfinder [\#343](https://github.com/jwt/ruby-jwt/issues/343) - Why jwt depends on json \< 2.0 ? [\#179](https://github.com/jwt/ruby-jwt/issues/179) - Support for JWK in-lieu of rsa\_public [\#158](https://github.com/jwt/ruby-jwt/issues/158) - Fix rspec `raise_error` warning [\#413](https://github.com/jwt/ruby-jwt/pull/413) ([excpt](https://github.com/excpt)) - Add support for JWKs with HMAC key type. [\#372](https://github.com/jwt/ruby-jwt/pull/372) ([phlegx](https://github.com/phlegx)) - Improve 'none' algorithm handling [\#365](https://github.com/jwt/ruby-jwt/pull/365) ([danleyden](https://github.com/danleyden)) - Handle parsed JSON JWKS input with string keys [\#348](https://github.com/jwt/ruby-jwt/pull/348) ([martinemde](https://github.com/martinemde)) - Allow Numeric values during encoding [\#327](https://github.com/jwt/ruby-jwt/pull/327) ([fanfilmu](https://github.com/fanfilmu)) * *Closed issues:** - "Signature verification raised", yet jwt.io says "Signature Verified" [\#401](https://github.com/jwt/ruby-jwt/issues/401) - truffleruby-head build is failing [\#396](https://github.com/jwt/ruby-jwt/issues/396) - JWT::JWK::EC needs `require 'forwardable'` [\#392](https://github.com/jwt/ruby-jwt/issues/392) - How to use a 'signing key' as used by next-auth [\#389](https://github.com/jwt/ruby-jwt/issues/389) - undefined method `verify' for nil:NilClass when validate a JWT with JWK [\#383](https://github.com/jwt/ruby-jwt/issues/383) - Make specifying "algorithm" optional on decode [\#380](https://github.com/jwt/ruby-jwt/issues/380) - ADFS created access tokens can't be validated due to missing 'kid' header [\#370](https://github.com/jwt/ruby-jwt/issues/370) - new version? [\#355](https://github.com/jwt/ruby-jwt/issues/355) - JWT gitlab OmniAuth provider setup support [\#354](https://github.com/jwt/ruby-jwt/issues/354) - Release with support for RSA.import for ruby \< 2.4 hasn't been released [\#347](https://github.com/jwt/ruby-jwt/issues/347) - cannot load such file -- jwt [\#339](https://github.com/jwt/ruby-jwt/issues/339) * *Merged pull requests:** - Remove codeclimate code coverage dev dependency [\#414](https://github.com/jwt/ruby-jwt/pull/414) ([excpt](https://github.com/excpt)) - Add forwardable dependency [\#408](https://github.com/jwt/ruby-jwt/pull/408) ([anakinj](https://github.com/anakinj)) - Ignore casing of algorithm [\#405](https://github.com/jwt/ruby-jwt/pull/405) ([johnnyshields](https://github.com/johnnyshields)) - Document function and add tests for verify claims method [\#404](https://github.com/jwt/ruby-jwt/pull/404) ([yasonk](https://github.com/yasonk)) - documenting calling verify\_jti callback with 2 arguments in the readme [\#402](https://github.com/jwt/ruby-jwt/pull/402) ([HoneyryderChuck](https://github.com/HoneyryderChuck)) - Target the master branch on the build status badge [\#399](https://github.com/jwt/ruby-jwt/pull/399) ([anakinj](https://github.com/anakinj)) - Improving the local development experience [\#397](https://github.com/jwt/ruby-jwt/pull/397) ([anakinj](https://github.com/anakinj)) - Fix sourcelevel broken links [\#395](https://github.com/jwt/ruby-jwt/pull/395) ([anakinj](https://github.com/anakinj)) - Don't recommend installing gem with sudo [\#391](https://github.com/jwt/ruby-jwt/pull/391) ([tjschuck](https://github.com/tjschuck)) - Enable rubocop locally and on ci [\#390](https://github.com/jwt/ruby-jwt/pull/390) ([anakinj](https://github.com/anakinj)) - Ci and test cleanup [\#387](https://github.com/jwt/ruby-jwt/pull/387) ([anakinj](https://github.com/anakinj)) - Make JWT::JWK::EC compatible with Ruby 2.3 [\#386](https://github.com/jwt/ruby-jwt/pull/386) ([anakinj](https://github.com/anakinj)) - Support JWKs for pre 2.3 rubies [\#382](https://github.com/jwt/ruby-jwt/pull/382) ([anakinj](https://github.com/anakinj)) - Replace Travis CI with GitHub Actions \(also favor openssl/rbnacl combinations over rails compatibility tests\) [\#381](https://github.com/jwt/ruby-jwt/pull/381) ([anakinj](https://github.com/anakinj)) - Add auth0 sponsor message [\#379](https://github.com/jwt/ruby-jwt/pull/379) ([excpt](https://github.com/excpt)) - Adapt HMAC to JWK RSA code style. [\#378](https://github.com/jwt/ruby-jwt/pull/378) ([phlegx](https://github.com/phlegx)) - Disable Rails cops [\#376](https://github.com/jwt/ruby-jwt/pull/376) ([anakinj](https://github.com/anakinj)) - Support exporting RSA JWK private keys [\#375](https://github.com/jwt/ruby-jwt/pull/375) ([anakinj](https://github.com/anakinj)) - Ebert is SourceLevel nowadays [\#374](https://github.com/jwt/ruby-jwt/pull/374) ([anakinj](https://github.com/anakinj)) - Add support for JWKs with EC key type [\#371](https://github.com/jwt/ruby-jwt/pull/371) ([richardlarocque](https://github.com/richardlarocque)) - Add Truffleruby head to CI [\#368](https://github.com/jwt/ruby-jwt/pull/368) ([gogainda](https://github.com/gogainda)) - Add more docs about JWK support [\#341](https://github.com/jwt/ruby-jwt/pull/341) ([take](https://github.com/take)) ==== rubygem-kgio ==== Version update (2.11.3 -> 2.11.4) updated to version 2.11.4 see installed NEWS === kgio 2.11.4 / 2021-05-25 23:24 UTC This release fixes compatibility with GC.compact on Ruby 3.x. Thanks to Ngan Pham for the patch and Aaron Patterson for the feedback: https://yhbt.net/kgio-public/CAAvYYt5Z5f2rMuXO5DMpR1-6uRvu_gXKDvqcyoZ+oNcLiTH39g@mail.gmail.com/T/ kgio remains obsolete and deprecated, and it's primary dependent will be updated to not depend on it in the future. ==== rubygem-liquid ==== Version update (5.0.0 -> 5.0.1) updated to version 5.0.1 see installed History.md [#]# 5.0.1 / 2021-03-24 [#]## Fixes * Add ParseTreeVisitor to Echo tag (#1414) [CP Clermont] * Test with ruby 3.0 as the latest ruby version (#1398) [Dylan Thacker-Smith] * Handle carriage return in newlines_to_br (#1391) [Unending] [#]## Performance Improvements * Use split limit in truncatewords (#1361) [Dylan Thacker-Smith] ==== rubygem-loofah ==== Version update (2.9.1 -> 2.10.0) Subpackages: ruby2.7-rubygem-loofah ruby3.0-rubygem-loofah updated to version 2.10.0 see installed CHANGELOG.md [#]# 2.10.0 / 2021-06-06 [#]## Features * Allow CSS properties `overflow-x` and `overflow-y`. [[#206](https://github.com/flavorjones/loofah/issues/206)] (Thanks, [@sampokuokkanen](https://github.com/sampokuokkanen)!) ==== rubygem-marcel ==== Version update (0.3.3 -> 1.0.1) - updated to version 1.0.1 * Fixes identifying OpenDocument files by magic. 1.0.0 imprecisely identified them as application/zip. (#38) * Fixes identifying .docx, .pptx, and .xlsx files exported from Google Sheets by magic. (#36) * Identifies vCard files as text/vcard rather than text/x-vcard. (27fac74) * Identifies .otf, .woff, and .woff2 files a? font/otf, font/woff, and font/woff2, respectively. (#37) ==== rubygem-mixlib-authentication ==== Version update (3.0.7 -> 3.0.10) updated to version 3.0.10 no changelog found ==== rubygem-mixlib-shellout ==== Version update (3.2.2 -> 3.2.5) updated to version 3.2.5 no changelog found ==== rubygem-moneta ==== Version update (1.4.1 -> 1.4.2) updated to version 1.4.2 see installed CHANGES 1.4.2 * Pool - fix busy-loop issue (#197) ==== rubygem-nokogiri ==== Version update (1.11.6 -> 1.11.7) Subpackages: ruby2.7-rubygem-nokogiri ruby3.0-rubygem-nokogiri updated to version 1.11.7 no changelog found ==== rubygem-oauth2 ==== Version update (1.4.4 -> 1.4.7) updated to version 1.4.7 see installed CHANGELOG.md ==== rubygem-omniauth ==== Version update (2.0.1 -> 2.0.4) updated to version 2.0.4 no changelog found ==== rubygem-omniauth-google-oauth2 ==== Version update (0.8.1 -> 1.0.0) updated to version 1.0.0 see installed CHANGELOG.md [#]# 1.0.0 - 2021-03-14 [#]## Added - Support for Omniauth 2.x! [#]## Deprecated - Nothing. [#]## Removed - Support for Omniauth 1.x [#]## Fixed - Nothing. [#]# 0.8.2 - 2021-03-14 [#]## Added - Constrains the version to Omniauth 1.x. [#]## Deprecated - Nothing. [#]## Removed - Nothing. [#]## Fixed - Nothing. ==== rubygem-passenger ==== Subpackages: ruby2.7-rubygem-passenger rubygem-passenger-apache2 - Remove execute bit from a Python script to stop requiring /usr/bin/python ==== rubygem-pry ==== Version update (0.13.1 -> 0.14.1) updated to version 0.14.1 see installed CHANGELOG.md [#]## [v0.14.1][v0.14.1] (April 12, 2021) [#]### Bug fixes * Fixed bad coloring of some RDoc-style docs ([#2182](https://github.com/pry/pry/pull/2182)) * Fixed broken `--plugins` option. It shows a warning now ([#2180](https://github.com/pry/pry/pull/2180)) * Fixed bad output on printing non-visible characters with color codes ([#2154](https://github.com/pry/pry/pull/2154)) * Fixed bad output when colors are disabled and a string with color codes is printed ([#2158](https://github.com/pry/pry/pull/2158)) [#]## [v0.14.0][v0.14.0] (February 8, 2021) [#]### Features * Made `?` an alias to `show-source -d` ([#2133](https://github.com/pry/pry/pull/2133)) * Added support for Ruby 3.0 [#]### Breaking changes * Deleted support for plugin autoloading ([#2119](https://github.com/pry/pry/pull/2119)). In order to load a Pry plugin you must `require` it from your `pryrc` or add it to your Gemfile. ```rb [#] ~/.pryrc require 'pryrc' ``` ==== rubygem-puma-4 ==== Version update (4.3.7 -> 4.3.8) updated to version 4.3.8 see installed History.md [#]# 4.3.8 / 2021-05-11 * Security * Close keepalive connections after the maximum number of fast inlined requests (#2625) ==== rubygem-rack-oauth2 ==== Version update (1.16.0 -> 1.17.0) updated to version 1.17.0 no changelog found ==== rubygem-rack-proxy ==== Version update (0.6.5 -> 0.7.0) Subpackages: ruby2.7-rubygem-rack-proxy ruby3.0-rubygem-rack-proxy updated to version 0.7.0 no changelog found ==== rubygem-rails-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 no changelog found ==== rubygem-rails-6.0 ==== Version update (6.0.3.4 -> 6.0.4) updated to version 6.0.4 no changelog found ==== rubygem-railties-5.2 ==== Version update (5.2.4.4 -> 5.2.6) updated to version 5.2.6 see installed CHANGELOG.md [#]# Rails 5.2.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.5 (March 26, 2021) ## * No changes. [#]# Rails 5.2.4.6 (May 05, 2021) ## * No changes. [#]# Rails 5.2.4.5 (February 10, 2021) ## * No changes. ==== rubygem-railties-6.0 ==== Version update (6.0.3.4 -> 6.0.4) Subpackages: ruby2.7-rubygem-railties-6.0 ruby3.0-rubygem-railties-6.0 updated to version 6.0.4 see installed CHANGELOG.md [#]# Rails 6.0.4 (June 15, 2021) ## * Allow relative paths with trailing slashes to be passed to `rails test`. * Eugene Kenny* * Return a 405 Method Not Allowed response when a request uses an unknown HTTP method. Fixes #38998. * Loren Norman* [#]# Rails 6.0.3.7 (May 05, 2021) ## * No changes. [#]# Rails 6.0.3.6 (March 26, 2021) ## * No changes. [#]# Rails 6.0.3.5 (February 10, 2021) ## * No changes. ==== rubygem-raindrops ==== Version update (0.19.1 -> 0.19.2) updated to version 0.19.2 see installed NEWS === raindrops 0.19.2 / 2021-05-25 23:13 UTC This release fixes compatibility with GC.compact on Ruby 3.x when using ListenStats on Linux. The listener stats functionality is rarely used and does not affect most users who just have raindrops installed for shared atomic counters. ==== rubygem-rice ==== Version update (3.0.0 -> 4.0.2) updated to version 4.0.2 no changelog found ==== rubygem-ruby_parser ==== Version update (3.15.1 -> 3.16.0) updated to version 3.16.0 see installed History.rdoc === 3.16.0 / 2021-05-15 * 1 major enhancement: * Added tentative 3.0 support. * 3 minor enhancements: * Added lexing for "beginless range" (bdots). * Added parsing for bdots. * Updated rake compare task to download xz files, bumped versions, etc * 4 bug fixes: * Bump rake dependency to >= 10, < 15. (presidentbeef) * Bump sexp_processor dependency to 4.15.1+. (pravi) * Fixed minor state mismatch at the end of parsing to make diffing a little cleaner. * Fixed normalizer to deal with new bison token syntax ==== rubygem-rubyntlm ==== Version update (0.6.2 -> 0.6.3) updated to version 0.6.3 see installed CHANGELOG.md ==== rubygem-sdoc ==== Version update (2.0.3 -> 2.2.0) updated to version 2.2.0 see installed CHANGELOG.md Master ====== 2.2.0 ===== * #161 Add 'skip to content' link and improve shortcut keys [@MikeRogers0](https://github.com/MikeRogers0) * #170 Fix link hovers in headings [@tlatsas](https://github.com/tlatsas) * #169 Fix clearing search results [@mikdiet](https://github.com/mikdiet) * #167 Update Merge script to work with sdoc v2 [@mikdiet](https://github.com/mikdiet) * #160 Remove outline from reset stylesheet [@p8](https://github.com/p8) * #159 Remove TAB override in panel [@p8](https://github.com/p8) * #157 Move to GitHub action for tests [@MikeRogers0](https://github.com/MikeRogers0) * #155 Fix Ctrl+C copying [Jan Schär](https://github.com/jscissr) 2.1.0 ===== * #154 Make panel responsive for mobile [@MikeRogers0](https://github.com/MikeRogers0) and [@p8](https://github.com/p8) * #153 Add viewport metatag to views for improved Lighthouse score. [@MikeRogers0](https://github.com/MikeRogers0) * #150 Use semantic headers for better SEO [@p8](https://github.com/p8) 2.0.4 ===== * #149 Using HTML5 doctype accross all HTML files. [@MikeRogers0](https://github.com/MikeRogers0) * #148 Fix overflow CSS property of panel elements. [@cveneziani](https://github.com/cveneziani) ==== rubygem-semantic_range ==== Version update (2.3.1 -> 3.0.0) updated to version 3.0.0 no changelog found ==== rubygem-sexp_processor ==== Version update (4.15.2 -> 4.15.3) updated to version 4.15.3 see installed History.rdoc === 4.15.3 / 2021-05-15 * 1 minor enhancement: * Added 3.0 to pt_testcase.rb ==== rubygem-simplecov_json_formatter ==== Version update (0.1.2 -> 0.1.3) updated to version 0.1.3 no changelog found ==== rubygem-slop ==== Version update (4.8.2 -> 4.9.1) updated to version 4.9.1 see installed CHANGELOG.md v4.9.1 (2021-05-28) - ------------------ Bug fixes: * Fixed a bug where `flag=arg` syntax would raise an error when an empty value was passed. [#266](https://github.com/leejarvis/slop/issues/266) v4.9.0 (2021-05-11) - ------------------ Features: * Add SymbolOption [#263](https://github.com/leejarvis/slop/pull/263) Bug fixes: * Use `+=` over `<<` to handle frozen string literals. [255](https://github.com/leejarvis/slop/pull/255) ==== rubygem-terminal-table ==== Version update (2.0.0 -> 3.0.1) updated to version 3.0.1 see installed History.rdoc 3.0.1 / 2021-05-10 ================== - Support for unicode-display_width 2.0 - Fix issue where last row of an empty table changed format 3.0.0 / 2020-01-27 ================== - Support for (optional) Unicode border styles on tables. In order to support decent looking Unicode borders, different types of intersections get different types of intersection characters. This has the side effect of subtle formatting differences even for the ASCII table border case due to removal of certain intersections near colspans. For example, previously the output of a table may be: +------+-----+ | Title | +------+-----+ | Char | Num | +------+-----+ | a | 1 | | b | 2 | | c | 3 | +------+-----+ And now the `+` character above the word Title is removed, as it is no longer considered an intersection: +------------+ | Title | +------+-----+ | Char | Num | +------+-----+ | a | 1 | | b | 2 | +------+-----+ - The default border remains an ASCII border for backwards compatibility, however multiple border classes are included / documented, and user defined border types can be applied as needed. In support of this update, the following issues were addressed: - colspan creates conflict with colorize (#95) - Use nice UTF box-drawing characters by default (#99) - Note that `AsciiBorder` is stll the default - Border-left and border-right style (#100) - Helper function to style as Markdown (#111) - Achieved using `MarkdownBorder` ==== rubygem-timers ==== Version update (4.3.2 -> 4.3.3) updated to version 4.3.3 no changelog found ==== rubygem-winrm ==== Version update (2.3.5 -> 2.3.6) updated to version 2.3.6 no changelog found ==== sendmail ==== Version update (8.16.1 -> 8.17.0.3) Subpackages: libmilter1_0 - Re-add 'sysvinit(network)' build dependency - Use %set_permissions on path /var/spool/clientmqueue/ as well (boo#1187809) - Update to pre version sendmail 8.17.1 (8.17.0.3) * Deprecation notice: due to compatibility problems with some third party code, we plan to finally switch from K&R to ANSI C. If you are using sendmail on a system which does not have a compiler for ANSI C contact us with details as soon as possible so we can determine how to proceed. * Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available when using the compile time option USE_EAI (see also devtools/Site/site.config.m4.sample for other required settings) and the cf option SMTPUTF8. If a mail submission via the command line requires the use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the addresses on the command line are all ASCII, then the new option -U must be used, and the cf option SMTPUTF8 must be set in submit.cf. Please test and provide feedback. * Experimental support for SMTP MTA Strict Transport Security (MTA-STS, see RFC 8461) is available when using - the compile time option _FFR_MTA_STS (which requires STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES), - FEATURE(sts), which implicitly sets the cf option StrictTransportSecurity, - postfix-mta-sts-resolver, see https://github.com/Snawoot/postfix-mta-sts-resolver.git * New ruleset check_other which is called for all unknown SMTP commands in the server and for commands which do not have specific rulesets, e.g., NOOP and VERB. * New ruleset clt_features which can be used to select features in the SMTP client per server. Currently only two flags are available: D/M to disable DANE/MTA-STS, respectively. * Avoid leaking session macros for an envelope between delivery attempts to different servers. This problem could have affected check_compat. * Avoid leaking actual SMTP replies between delivery attempts to different servers which could cause bogus logging of reply= entries. * Change default SMTP reply code for STARTTLS related problems from 403 to 454 to better match the RFCs. * Fix a theoretical buffer overflow when encountering an unknown/unsupported socket address family on an operating system where sa_data is larger than 30 (the standard is 14). Based on patch by Toomas Soome. * Previously the commands GET, POST, CONNECT, or USER terminate a connection immediately only if sent as first command. Now this is also done if any of these is sent directly after STARTTLS or if the 'h' option is set via srv_features. * CDB map locking has been changed so a sendmail process which does have a CDB map open does not block an in-place update of the map by makemap. The simple workaround for that problem in earlier versions is to create the map under a different name and then move it into place. * CONFIG: New FEATURE(`check_other') to provide a default check_other ruleset. * CONFIG: FEATURE(`tls_failures') is deprecated and will be removed in future versions because it has a fundamental problem: it is message oriented but STARTTLS is session oriented. For example, having multiple RCPTs in one envelope for different destinations, with different temporary errors, does not work properly, as the persistent macro applies to all RCPTs and hence implicitly to all destinations (servers). The option TLSFallbacktoClear should be used if needed. * MAIL.LOCAL: Enhance some error messages to simplify troubleshooting. * Portability: Add support for Darwin 19 & 20. NOTE: File locking using fcntl() does not interoperate with Berkeley DB 5.x (and probably later). Use CDB, flock() (-DHASFLOCK), or an earlier Berkeley DB version. Problem noted by Harald Hannelius. * New Files: cf/feature/check_other.m4 cf/feature/sts.m4 devtools/OS/Darwin.19.x devtools/OS/Darwin.20.x include/sm/ixlen.h libsm/ilenx.c libsm/lowercase.c libsm/strcaseeq.c libsm/t-ixlen.c libsm/t-ixlen.sh libsm/t-streq.c libsm/t-streq.sh libsm/utf8_valid.c libsm/uxtext_unquote.c libsm/xleni.c libsmutil/t-lockfile.c libsmutil/t-lockfile-0.sh libsmutil/t-maplock-0.sh * New compile time option NO_EOH_FIELDS to disable the special meaning of the headers Message: and Text: to denote the end of the message header. * CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett. * CONTRIB: Added cidrexpand -O option for suppressing duplicates from a CIDR expansion that overlaps a later entry and -S option for skipping comments exactly like makemap does. * Portability: Add support for Darwin 19 (Mac OS X 10.15). Use proper FreeBSD version define to allow for cross compiling. Fix from Brooks Davis of the FreeBSD project. * New Files: devtools/OS/Darwin.19.x - Modify patches * sendmail-8.14.7-select.dif * sendmail-fd-passing-libmilter.patch - Modify and renama patch sendmail-8.16.1.dif which is now sendmail-8.17.1.dif - Enable experimental support for SMTPUTF8 as well SMTP MTA Strict Transport Security - Update keyring - Make it build for older products as well ==== snapper ==== Subpackages: libsnapper5 snapper-zypp-plugin - added configure option for location of PAM module (gh#openSUSE/snapper#659) ==== totem-pl-parser ==== Version update (3.26.5 -> 3.26.6) Subpackages: libtotem-plparser-mini18 libtotem-plparser18 totem-pl-parser-lang typelib-1_0-TotemPlParser-1_0 - Update to version 3.26.6: + Remove quvi videosite checker. The videosite checker functionality still exists and can be implemented according to README-videosite-script.md. + Plenty of RSS and Atom related parsing fixes and enhancements, including better description selection, exporting of feed content ratings, better support for non-UTF-8 feeds, and general speedups. + Fix parsing and saving XSPF playlist titles. - Drop pkgconfig(libquvi-0.9) BuildRequires, libquvi-scripts Requires and stop passing -Denable-quvi=yes to meson, no longer supported nor needed. ==== tpm2-0-tss ==== Subpackages: libtss2-esys0 libtss2-mu0 libtss2-sys1 - small services fixes and comments ==== vim ==== Version update (8.2.2918 -> 8.2.3075) Subpackages: gvim vim-data vim-data-common - disabled test_recover because is broken on 32bit archs - -> disable-unreliable-tests.patch - Updated to version 8.2.3075, fixes the following problems * Vim: when debugging only the first line of a command using line continuation is displayed. * Coverity warns for freeing static string. * Vim9: Assigning to @# requires a string. (Naohiro Ono) * Confusing error when expression is followed by comma. * Vim9: debugger shows too many lines. * Formatting using quickfixtextfunc is lost when updating location lists for different buffers. (Yorick Peterse) * Location list only has the start position. * Unreachable code. * Spaces allowed between option name and "!", "?", etc. * Available encryption methods are not strong enough. * Vim9: arguments for execute() not checked at compile time. * execute() function test fails. * Not enough tests for quickfix end_col and end_lnum. * Vim9: cannot set breakpoint in compiled function. * Vim9: breakpoint in compiled function not always checked. * GUI mouse events not tested. * Vim9: crash when using operator and list unpack assignment. (Naohiro Ono) * Coverity reports a memory leak. * No error if a function name starts with an underscore. (Naohiro Ono) * Build problems with MSVC, other crypt issues with libsodium. * No error when using alpha delimiter with :global. * Installing packages on github CI sometimes fails. * Vim9: crash when calling :def function with partial and return type is not set. * Vim9: builtin function arguments not checked at compile time. * Configure reports libcanberra when checking for libsodium. * Amiga built-in version string doesn't include build date. * Vim9: breakpoint at a comment line does not work. * GUI: dropping files not tested. * Detecting if the process of a swap file is running fails if the process is owned by another user. * Swap file test fails. * Minor typos. * Increment and decrement don't allow for next command. * Strange error for white space after ++ command. * JSON patch file not recognized. * Cannot recognize elixir files. * Vim9: for loop with one list variable does not work. * Vim9: "legacy call" does not work. * Vim9: cannot assign to @@ in :def function * Vim9: unpack assignment using "_" after semicolon fails. * Strange error for assigning to "x.key" on non-dictionary. * Vim9: using default value in lambda gives confusing error. * Vim9: debugger test fails with normal features and +terminal. (Dominique Pellé) * Vim9: cannot use ternary operator in parenthesis. * Vim9: memory leak when using lambda. * Vim9: cannot use ternary operator in parenthesis. * Testing the shell option is incomplete and spread out. * Internal error when adding several text properties. * Crash when switching 'cryptmethod' to xchaha20 with an existing undo file. (Martin Tournoij) * Vim9: in script cannot set item in uninitialized list. * Vim9: error when sourcing script twice and reusing a function name. * Vim9: debugging lambda does not work. * Building fails with Athena. (Elimar Riesebieter) * Unicode tables are slightly outdated. * Error messages are spread out. * Not enough testing for shell use. * Shell options are not set properly for PowerShell. * The "zy" command does not work well when 'virtualedit' is set to "block". (Johann Höchtl) * When cursor is move for block append wrong text is inserted. * popup_atcursor() uses wrong position with concealing. - Updated to version 8.2.3013, fixes the following problems * Builtin function can be shadowed by global variable. * Using ":!command" does not work if the command uses posix_spawn(). * Still a way to shadow a builtin function. (Yasuhiro Matsumoto) * E704 for script local variable is not backwards compatible. (Yasuhiro Matsumoto) * Computing array length is done in various ways. * EBCDIC build is broken. * Superfluous extern declaration. * Vim9: line continuation comment uses legacy syntax. * Vim9: no good error for using :legacy in a :def function. * Test commented out because it fails with ASAN. * The evalfunc.c file is too big. * Accidentally enable tcl by default. * When a popup is visible a mouse move my restart Visual mode. * Vim9: line continuation comment still uses legacy syntax in one place. * Select mode test fails. * When 'clipboard' is "unnamed" zp and zP do not work correctly. * ASAN error when using text from the clipboard. * Calculating register width is not always needed. (Christian Brabandt) * Vim9: converting number to bool uses wrong stack offset. (Salman Halim) * Popup test fails if rightleft feature not enabled. * After using motion force from feedkeys() it may not be reset. * GTK: righthand scrollbar does not show with split window. * Vim9: using `=expr` does not handle a list of strings. * Vim9: internal error when calling function with too few arguments * Vim9: check for argument count ignores default values. * Vim9: no error when using job or channel as a string. * Some buffer related code is not tested. * Vim9: substitute expression cannot be a List in a :def function. * Build failure without the channel feature. * Substitute() accepts a number but not a float expression. * Tests failing because there is no error for float to string conversion. * Sound code not fully tested. * Vim9: cannot use heredoc in :def function for :python, :lua, etc. * Recover test fails on big endian systems. * Vim9: leaking memory when using heredoc script. * Short file name extension for Scala not recognized. * Vim9: using filter in compiled command does not work. * Vim9: need to plan for future additions. * Using getchar() in Vim9 script is problematic. * Function list test fails. * sound_playfile() is not tested on MS-Windows. * Swap file recovery not sufficiently tested. * Keys typed during a :normal command are discarded. * GUI: mouse move may start Visual mode with a popup visible. * Vim9: hang when using space after ->. (Naohiro Ono) * Vim9: crash when calling function that failed to compile. * ml_get errors after recovering a file. (Yegappan Lakshmanan) * Vim9: crash when using two levels of partials. * Vim9: memory leak * Subtracting from number option fails when result is zero. (Ingo Karkat) * Python configure check uses deprecated command. * Cannot yank a block without trailing spaces. * "%bd" tries to delete popup window buffers, which fails. (Ralf Schandl) * Fix for recovery and diff mode not tested. * Greek spell checking uses wrong case folding. * Vim9: can only use an autoload function name as a string. * Build failure without the +eval feature. * Crash when using a null function reference. (Naohiro Ono) * Warning for uninitialized variable. * Not all options code is covered by tests. * Popup window test is a bit flaky. * Recovery test is not run on big-endian systems. * Vim9: future commands are not reserved yet. * Vim9: an inline function requires specifying the return type. * Vim9: Test fails because of missing return statement. * Vim9: a compiled function cannot be debugged. * Build failure without the profile feature. * Build failure with normal features. * Vim9: debugger test fails. * Vim9: memory leak when debugging a :def function. * Jupyter Notebook files are not recognized. * Vim9: no completion for :vim9 and :legacy. * Vim9: completion for :disassemble is incomplete. * 'fileencodings' default value should depend on 'encoding'. (Gary Johnson) * Various code is not fully tested. * Linker errors with dynamic Python 3.10. * Vim9: when debugging cannot inspect local variables. * Vim9: disassemble test fails. * Vim9: disassemble test fails. * Balloon sometimes does not hide with GTK 3. * Vim9: warning for uninitialized variable. * Vim9: memory leak when compilation fails. * Vim doesn't abort on a fatal Tcl error. * Vim9: closure compiled with wrong compile type. * Vim9: error for missing colon given while skipping. * Vim9: using a void value does not give a proper error message. * Crash when echoing a value very early. (Naruhiko Nishino) * Vim9: test for void value fails. * Startup test may hang. * Startup test may hang. * Not enough testing for viminfo code. * Vim9: cannot get argument values during debugging. * When 'rightleft' is set the line number is sometimes drawn reversed. * Vim: when debugging only the first line of a command using line continuation is displayed. ==== wxWidgets-3_2-nostl ==== Subpackages: libwx_baseu-suse-nostl5_0_0 libwx_baseu_net-suse-nostl5_0_0 libwx_baseu_xml-suse-nostl5_0_0 libwx_gtk3u_core-suse-nostl5_0_0 libwx_gtk3u_html-suse-nostl5_0_0 libwx_gtk3u_qa-suse-nostl5_0_0 - Add wxWidgets-3.1.5-fix-wxIcon-wxDVC-columns.patch (boo#1187712). ==== xdelta3 ==== - We don't need python2, works perfectly fine with the standard python3. ==== yast2-firstboot ==== Version update (4.4.1 -> 4.4.2) - Adapt code to Y2Users (part of jsc#PM-2620). - 4.4.2 ==== zeromq ==== Subpackages: libzmq5 zeromq-tools - Explicit BR on python is not necessary.