Skip to content

chore(deps-dev): bump activesupport from 6.1.7.10 to 7.2.3.1 in /docs#345

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/docs/activesupport-7.2.3.1
Open

chore(deps-dev): bump activesupport from 6.1.7.10 to 7.2.3.1 in /docs#345
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/docs/activesupport-7.2.3.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2026
edited
Loading

Bumps activesupport from 6.1.7.10 to 7.2.3.1.

Release notes

Sourced from activesupport's releases.

7.2.3.1

Active Support

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits
  • ba76fca Preparing for 7.2.3.1 release
  • 8a379f4 Update changelog
  • b54a4b3 Improve performance of NumberToDelimitedConverter
  • c1ad0e8 Fix SafeBuffer#% to preserve unsafe status
  • ebd6be1 NumberConverter: reject scientific notation
  • 4a155f1 Lock some dependencies
  • bb2bdef Preparing for 7.2.3 release
  • fe41a9f Merge pull request #55840 from zzak/asup-xml-mini-bigdecimal-float-precision
  • 12040a3 Merge pull request #55808 from olivier-thatch/fix-enum-sole
  • 58630e1 Merge pull request #55794 from rails/fix-55513
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Mar 24, 2026
github-actions[bot]
github-actions bot approved these changes Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by Dependabot auto-merge workflow

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 24, 2026

⚠️ Major version update detected - requires manual review before merging.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 24, 2026
edited
Loading

📈 Test Coverage Report

Branch Coverage
This PR 67.7%
Main 67.7%
Diff ✅ +0%

Coverage calculated from unit tests only

@dependabot
chore(deps-dev): bump activesupport from 6.1.7.10 to 7.2.3.1 in /docs
ac72169 
Bumps [activesupport](https://github.com/rails/rails) from 6.1.7.10 to 7.2.3.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.1.2.1/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v6.1.7.10...v7.2.3.1)

---
updated-dependencies:
- dependency-name: activesupport
  dependency-version: 7.2.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/bundler/docs/activesupport-7.2.3.1 branch from 124d921 to ac72169 Compare April 8, 2026 08:59
github-actions[bot]
github-actions bot approved these changes Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by Dependabot auto-merge workflow

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

⚠️ Major version update detected - requires manual review before merging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants