head 1.4;
access;
symbols
	pkgsrc-2026Q2:1.4.0.2
	pkgsrc-2026Q2-base:1.4
	pkgsrc-2026Q1:1.3.0.4
	pkgsrc-2026Q1-base:1.3
	pkgsrc-2025Q4:1.3.0.2
	pkgsrc-2025Q4-base:1.3
	pkgsrc-2025Q3:1.2.0.2
	pkgsrc-2025Q3-base:1.2
	pkgsrc-2025Q2:1.1.0.6
	pkgsrc-2025Q2-base:1.1
	pkgsrc-2025Q1:1.1.0.4
	pkgsrc-2025Q1-base:1.1
	pkgsrc-2024Q4:1.1.0.2
	pkgsrc-2024Q4-base:1.1;
locks; strict;
comment @# @;

1.4
date 2026.03.29.14.07.38; author taca; state Exp;
branches;
next 1.3;
commitid 7MD3YzIuBQozqSzG;

1.3
date 2025.11.03.08.38.02; author taca; state Exp;
branches 1.3.4.1;
next 1.2;
commitid b6VRvVAEDzIvi5hG;

1.2
date 2025.08.14.15.22.46; author taca; state Exp;
branches;
next 1.1;
commitid EsnJg8uLp28F8I6G;

1.1
date 2024.12.13.16.42.42; author taca; state Exp;
branches;
next ;
commitid Eg33wwr4x7JsqmBF;

1.3.4.1
date 2026.03.31.13.31.40; author maya; state Exp;
branches;
next ;
commitid iqK8mCnuD32ja8AG;

desc
@@

1.4
log
@www/ruby-rails72: update to 7.2.3.1

Ruby on Rails 7.2.3.1 (2026-03-23)

Active Support

* Reject scientific notation in NumberConverter
  [CVE-2026-33176]
  Jean Boussier

* Fix SafeBuffer#% to preserve unsafe status
  [CVE-2026-33170]
  Jean Boussier

* Improve performance of NumberToDelimitedConverter
  [CVE-2026-33169]
  Jean Boussier

Action View

* Skip blank attribute names in tag helpers to avoid generating invalid HTML.
  [CVE-2026-33168]
  Mike Dalessio

Active Storage

* Filter user supplied metadata in DirectUploadController
  [CVE-2026-33173]
  Jean Boussier

* Configurable maximum streaming chunk size
  Makes sure that byte ranges for blobs don't exceed 100mb by default.
  Content ranges that are too big can result in denial of service.
  [CVE-2026-33174]
  Gannon McGibbon

* Limit range requests to a single range
  [CVE-2026-33658]
  Jean Boussier

* Prevent path traversal in DiskService.
  DiskService#path_for now raises an InvalidKeyError when passed keys with
  dot segments (".", ".."), or if the resolved path is outside the storage
  root directory.
  #path_for also now consistently raises InvalidKeyError if the key is
  invalid in any way, for example containing null bytes or having an
  incompatible encoding. Previously, the exception raised may have been
  ArgumentError or Encoding::CompatibilityError.
  DiskController now explicitly rescues InvalidKeyError with appropriate
  HTTP status codes.
  [CVE-2026-33195]
  Mike Dalessio

* Prevent glob injection in DiskService#delete_prefixed.
  Escape glob metacharacters in the resolved path before passing to Dir.glob.
  Note that this change breaks any existing code that is relying on
  delete_prefixed to expand glob metacharacters. This change presumes that
  is unintended behavior (as other storage services do not respect these
  metacharacters).
  [CVE-2026-33202]
  Mike Dalessio

Active Model
Active Record
Action Pack
Active Job
Action Mailer
Action Cable
Action Mailbox
Action Text
Railties

* No change except version.
@
text
@$NetBSD: distinfo,v 1.3 2025/11/03 08:38:02 taca Exp $

BLAKE2s (activejob-7.2.3.1.gem) = c4e92b1e4039820c5108326ad9283c3ecc0cb47be3251a851f3483760079e0f0
SHA512 (activejob-7.2.3.1.gem) = 676f704b21ac67a32c8cf2603604586807ea909c5a544709421552ff818c397875aa2c32dc5855bd53e87003855bfddcf13cfcd78b237509dca084d3757648fb
Size (activejob-7.2.3.1.gem) = 36352 bytes
@

1.3
log
@devel/ruby-activejob72: update to 7.2.3

7.2.3 (2025-10-28)

* Include the actual Active Job locale when serializing rather than I18n
  locale.
  Adrien S

* Avoid crashing in Active Job logger when logging enqueueing errors
  ActiveJob.perform_all_later could fail with a TypeError when all provided
  jobs failed to be enqueued.
  Efstathios Stivaros
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.2 2025/08/14 15:22:46 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-7.2.3.gem) = 66900629088c853e0a32bc381020f08bc81b8d0daf6599720a13c6cfd80157fa SHA512 (activejob-7.2.3.gem) = 3c32d94f5878da6f8164b70d5882cc588c95df74f070658ab26d1b80e93c75c6d7047b63d48911200fa139e948cf04cc1f54b7d31aaa2f3fd40d7c2c96e98bfb Size (activejob-7.2.3.gem) = 36352 bytes @

1.3.4.1
log
@Pullup ticket #7061 - requested by taca

databases/ruby-activerecord72: Security fix
devel/ruby-activejob72: Security fix
devel/ruby-activemodel72: Security fix
devel/ruby-activestorage72: Security fix
devel/ruby-activesupport72: Security fix
devel/ruby-activesupport72: Security fix
devel/ruby-railties72: Security fix
devel/ruby-railties72: Security fix
lang/ruby: Security fix
mail/ruby-actionmailbox72: Security fix
mail/ruby-actionmailer72: Security fix
textproc/ruby-actiontext72: Security fix
www/ruby-actioncable72: Security fix
www/ruby-actionpack72: Security fix
www/ruby-actionpack72: Security fix
www/ruby-actionview72: Security fix
www/ruby-rails72: Security fix

Revisions pulled up:
- databases/ruby-activerecord72/distinfo 1.4
- devel/ruby-activejob72/distinfo 1.4
- devel/ruby-activemodel72/distinfo 1.4
- devel/ruby-activestorage72/distinfo 1.4
- devel/ruby-activesupport72/Makefile 1.4
- devel/ruby-activesupport72/distinfo 1.4
- devel/ruby-railties72/Makefile 1.5
- devel/ruby-railties72/distinfo 1.4
- lang/ruby/rails.mk 1.188
- mail/ruby-actionmailbox72/distinfo 1.4
- mail/ruby-actionmailer72/distinfo 1.4
- textproc/ruby-actiontext72/distinfo 1.4
- www/ruby-actioncable72/distinfo 1.4
- www/ruby-actionpack72/Makefile 1.3
- www/ruby-actionpack72/distinfo 1.4
- www/ruby-actionview72/distinfo 1.4
- www/ruby-rails72/distinfo 1.4

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 29 14:07:39 UTC 2026

Modified Files:
        pkgsrc/databases/ruby-activerecord72: distinfo
        pkgsrc/devel/ruby-activejob72: distinfo
        pkgsrc/devel/ruby-activemodel72: distinfo
        pkgsrc/devel/ruby-activestorage72: distinfo
        pkgsrc/devel/ruby-activesupport72: Makefile distinfo
        pkgsrc/devel/ruby-railties72: Makefile distinfo
        pkgsrc/mail/ruby-actionmailbox72: distinfo
        pkgsrc/mail/ruby-actionmailer72: distinfo
        pkgsrc/textproc/ruby-actiontext72: distinfo
        pkgsrc/www/ruby-actioncable72: distinfo
        pkgsrc/www/ruby-actionpack72: Makefile distinfo
        pkgsrc/www/ruby-actionview72: distinfo
        pkgsrc/www/ruby-rails72: distinfo

Log Message:
www/ruby-rails72: update to 7.2.3.1

Ruby on Rails 7.2.3.1 (2026-03-23)

Active Support

* Reject scientific notation in NumberConverter
  [CVE-2026-33176]
  Jean Boussier

* Fix SafeBuffer#% to preserve unsafe status
  [CVE-2026-33170]
  Jean Boussier

* Improve performance of NumberToDelimitedConverter
  [CVE-2026-33169]
  Jean Boussier

Action View

* Skip blank attribute names in tag helpers to avoid generating invalid HTML.
  [CVE-2026-33168]
  Mike Dalessio

Active Storage

* Filter user supplied metadata in DirectUploadController
  [CVE-2026-33173]
  Jean Boussier

* Configurable maximum streaming chunk size
  Makes sure that byte ranges for blobs don't exceed 100mb by default.
  Content ranges that are too big can result in denial of service.
  [CVE-2026-33174]
  Gannon McGibbon

* Limit range requests to a single range
  [CVE-2026-33658]
  Jean Boussier

* Prevent path traversal in DiskService.
  DiskService#path_for now raises an InvalidKeyError when passed keys with
  dot segments (".", ".."), or if the resolved path is outside the storage
  root directory.
  #path_for also now consistently raises InvalidKeyError if the key is
  invalid in any way, for example containing null bytes or having an
  incompatible encoding. Previously, the exception raised may have been
  ArgumentError or Encoding::CompatibilityError.
  DiskController now explicitly rescues InvalidKeyError with appropriate
  HTTP status codes.
  [CVE-2026-33195]
  Mike Dalessio

* Prevent glob injection in DiskService#delete_prefixed.
  Escape glob metacharacters in the resolved path before passing to Dir.glob.
  Note that this change breaks any existing code that is relying on
  delete_prefixed to expand glob metacharacters. This change presumes that
  is unintended behavior (as other storage services do not respect these
  metacharacters).
  [CVE-2026-33202]
  Mike Dalessio

Active Model
Active Record
Action Pack
Active Job
Action Mailer
Action Cable
Action Mailbox
Action Text
Railties

* No change except version.

---
Module Name: pkgsrc
Committed By: taca
Date: Sun Mar 29 14:26:36 UTC 2026

Modified Files:
        pkgsrc/lang/ruby: rails.mk

Log Message:
lang/ruby: update to rails to 7.2.3.1

Make sure to update rails72 to 7.2.3.1.
@
text
@d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (activejob-7.2.3.1.gem) = c4e92b1e4039820c5108326ad9283c3ecc0cb47be3251a851f3483760079e0f0 SHA512 (activejob-7.2.3.1.gem) = 676f704b21ac67a32c8cf2603604586807ea909c5a544709421552ff818c397875aa2c32dc5855bd53e87003855bfddcf13cfcd78b237509dca084d3757648fb Size (activejob-7.2.3.1.gem) = 36352 bytes @

1.2
log
@www/ruby-rails72: update to 7.2.2.2

Ruby on Rails 7.2.2.2 (2025-08-13)

Active Record

* Call inspect on ids in RecordNotFound error
  [CVE-2025-55193]
  Gannon McGibbon, John Hawthorn

Active Storage

* Remove dangerous transformations
  [CVE-2025-24293]
  Zack Deveau
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.1 2024/12/13 16:42:42 taca Exp $ d3 3 a5 3 BLAKE2s (activejob-7.2.2.2.gem) = 4e8fdcde51bbf2438f117a714e9376713096e3fa85722724948d4236ab1628bc SHA512 (activejob-7.2.2.2.gem) = abaea03fa817dd7ffe17fae09350d54d1004919b8937df8893b100a889976a04a5a8d0016ec3fc4acf39fbd637daa1eac3c6cec11d9a35268fac443e717019dd Size (activejob-7.2.2.2.gem) = 36352 bytes @

1.1
log
@devel/ruby-activejob72: add package version 7.2.2.1

Active Job - Make work happen later

Active Job is a framework for declaring jobs and making them run on a
variety of queuing backends. These jobs can be everything from regularly
scheduled clean-ups, to billing charges, to mailings -- anything that can
be chopped up into small units of work and run in parallel.

It also serves as the backend for Action Mailer's #deliver_later
functionality that makes it easy to turn any mailing into a job for running
later. That's one of the most common jobs in a modern web application:
sending emails outside the request-response cycle, so the user doesn't have
to wait on it.

The main point is to ensure that all Rails apps will have a job
infrastructure in place, even if it's in the form of an "immediate runner".
We can then have framework features and other gems build on top of that,
without having to worry about API differences between Delayed Job and
Resque. Picking your queuing backend becomes more of an operational concern,
then. And you'll be able to switch between them without having to rewrite
your jobs.
@
text
@d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (activejob-7.2.2.1.gem) = 306badc91f0e3e1710b7cb824704efde7b236e8ae864b52e7ba163348b10bc5b SHA512 (activejob-7.2.2.1.gem) = 693b208850237eadb8d3f093ce09d97189787e510ba7716cc958cff17edb8c51018e9ce2f962cd372ae7038d651b2cebdcd4fe69abbcf3539cba85a71d7ab531 Size (activejob-7.2.2.1.gem) = 36352 bytes @