Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] update sinatra dev dependency to resolve dependabot alert #21709

Merged
merged 4 commits into from Dec 15, 2023
Merged

[security] update sinatra dev dependency to resolve dependabot alert #21709

merged 4 commits into from Dec 15, 2023

Conversation

lacostej
Copy link
Collaborator

@lacostej lacostej commented Dec 9, 2023
edited

See https://github.com/fastlane/fastlane/security/dependabot

Checklist

  • I've run bundle exec rspec from the root directory to see all new and existing tests pass
  • I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
  • I see several green ci/circleci builds in the "All checks have passed" section of my PR (connect CircleCI to GitHub if not)
  • I've read the Contribution Guidelines
  • I've updated the documentation if necessary.
  • I've added or updated relevant unit tests.

Motivation and Context

Description

Testing Steps

@lacostej lacostej changed the title Fix/dependabot warnings Update dev dependencies (dependabot warnings) Dec 11, 2023
AliSoftware
AliSoftware requested changes Dec 12, 2023
View reviewed changes
fastlane.gemspec Outdated Show resolved Hide resolved
rogerluan
rogerluan approved these changes Dec 14, 2023
View reviewed changes
Copy link
Member

@rogerluan rogerluan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💪

@rogerluan rogerluan changed the title Update dev dependencies (dependabot warnings) Update sinatra dev dependency to resolve dependabot alert Dec 14, 2023
@rogerluan rogerluan changed the title Update sinatra dev dependency to resolve dependabot alert [security] update sinatra dev dependency to resolve dependabot alert Dec 15, 2023
@rogerluan rogerluan merged commit 6654107 into fastlane:master Dec 15, 2023
2 checks passed
@joshdholtz joshdholtz mentioned this pull request Jan 2, 2024
Merged
SubhrajyotiSen pushed a commit to KeepTruckin/fastlane that referenced this pull request Jan 17, 2024
@lacostej @SubhrajyotiSen
[security] update sinatra dev dependency to resolve dependabot alert (
ef8e2f3 
fastlane#21709)

* Sync Gemfile.lock with Gemfile

* Update rack to >= 2.2.6.3 (dependenbot)

* Update sinatra to >= 2.2.3 (dependenbot)

* Restrict to a non major sinatra upgrade for now
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rogerluan rogerluan rogerluan approved these changes

@AliSoftware AliSoftware AliSoftware approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lacostej @AliSoftware @rogerluan