Skip to content

Bump actionview from 8.0.2.1 to 8.0.4.1#66

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/actionview-8.0.4.1
Closed

Bump actionview from 8.0.2.1 to 8.0.4.1#66
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/bundler/actionview-8.0.4.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 23, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps actionview from 8.0.2.1 to 8.0.4.1.

Release notes

Sourced from actionview's releases.

8.0.4.1

Active Support

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Action Pack

  • No changes.

Active Job

  • No changes.

... (truncated)

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Mar 23, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 23, 2026 21:05
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Mar 23, 2026
@cowpoke-dependabot-herder

cowpoke-dependabot-herder Bot commented Mar 23, 2026

Copy link
Copy Markdown

This PR fixes these vulnerabilities:



Documentation: Dependabot Alerts

@cowpoke-dependabot-herder

cowpoke-dependabot-herder Bot commented Mar 23, 2026

Copy link
Copy Markdown

/domain @Betterment/principal-plus
/platform @Betterment/principal-plus

Not the right folks? Open a PR here to correct the repository configuration.

@smudge

smudge commented May 8, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot
Bump actionview from 8.0.2.1 to 8.0.4.1
408efd5 
Bumps [actionview](https://github.com/rails/rails) from 8.0.2.1 to 8.0.4.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.1.3/actionview/CHANGELOG.md)
- [Commits](rails/rails@v8.0.2.1...v8.0.4.1)

---
updated-dependencies:
- dependency-name: actionview
  dependency-version: 8.0.4.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot force-pushed the dependabot/bundler/actionview-8.0.4.1 branch from 34e5fbb to 408efd5 Compare May 8, 2026 19:42
@smudge

smudge commented May 8, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github May 8, 2026

Copy link
Copy Markdown
Contributor Author

Looks like actionview is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 8, 2026
@dependabot dependabot Bot deleted the dependabot/bundler/actionview-8.0.4.1 branch May 8, 2026 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smudge smudge smudge approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file LOW ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@smudge