chore(deps): Bump activesupport from 8.1.2 to 8.1.2.1 #490

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/bundler/activesupport-8.1.2.1

dependabot bot commented on behalf of github Mar 23, 2026

Bumps activesupport from 8.1.2 to 8.1.2.1.

Release notes

Sourced from activesupport's releases.

8.1.2.1

Active Support

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Action Pack

  • Fix possible XSS in DebugExceptions middleware

    [CVE-2026-33167]

    John Hawthorn

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.1.2.1 (March 23, 2026)

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Commits
  • 1db4b89 Preparing for 8.1.2.1 release
  • 1c7d1cf Update changelog
  • ec1a0e2 Improve performance of NumberToDelimitedConverter
  • 50d732a Fix SafeBuffer#% to preserve unsafe status
  • 19dbab5 NumberConverter: reject scientific notation
  • See full diff in compare view

dependabot bot added the dependencies and ruby (Pull requests that update Ruby code) labels Mar 23, 2026
dependabot bot requested a review from toshimaru as a code owner March 23, 2026 20:58
Bumps [activesupport](https://github.com/rails/rails) from 8.1.2 to 8.1.2.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.1.2.1/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v8.1.2...v8.1.2.1)

---
updated-dependencies:
- dependency-name: activesupport
  dependency-version: 8.1.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot force-pushed the dependabot/bundler/activesupport-8.1.2.1 branch from bf1b451 to 43c8556 March 31, 2026 12:33

dependabot bot commented on behalf of github Mar 31, 2026

Looks like activesupport is up-to-date now, so this is no longer needed.

dependabot bot closed this Mar 31, 2026
dependabot bot deleted the dependabot/bundler/activesupport-8.1.2.1 branch March 31, 2026 12:34