Skip to content

Bump activesupport from 8.1.2 to 8.1.2.1#222

Merged
biow0lf merged 1 commit intomainfrom
dependabot/bundler/activesupport-8.1.2.1
Mar 24, 2026
Merged

Bump activesupport from 8.1.2 to 8.1.2.1#222
biow0lf merged 1 commit intomainfrom
dependabot/bundler/activesupport-8.1.2.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2026

Bumps activesupport from 8.1.2 to 8.1.2.1.

Release notes

Sourced from activesupport's releases.

8.1.2.1

Active Support

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Active Model

  • No changes.

Active Record

  • No changes.

Action View

  • Skip blank attribute names in tag helpers to avoid generating invalid HTML.

    [CVE-2026-33168]

    Mike Dalessio

Action Pack

  • Fix possible XSS in DebugExceptions middleware

    [CVE-2026-33167]

    John Hawthorn

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 8.1.2.1 (March 23, 2026)

  • Reject scientific notation in NumberConverter

    [CVE-2026-33176]

    Jean Boussier

  • Fix SafeBuffer#% to preserve unsafe status

    [CVE-2026-33170]

    Jean Boussier

  • Improve performance of NumberToDelimitedConverter

    [CVE-2026-33169]

    Jean Boussier

Commits
  • 1db4b89 Preparing for 8.1.2.1 release
  • 1c7d1cf Update changelog
  • ec1a0e2 Improve performance of NumberToDelimitedConverter
  • 50d732a Fix SafeBuffer#% to preserve unsafe status
  • 19dbab5 NumberConverter: reject scientific notation
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump activesupport from 8.1.2 to 8.1.2.1
8f801f6 
Bumps [activesupport](https://github.com/rails/rails) from 8.1.2 to 8.1.2.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v8.1.2.1/activesupport/CHANGELOG.md)
- [Commits](rails/rails@v8.1.2...v8.1.2.1)

---
updated-dependencies:
- dependency-name: activesupport
  dependency-version: 8.1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Mar 24, 2026
@biow0lf biow0lf merged commit 80b0f30 into main Mar 24, 2026
6 checks passed
@dependabot dependabot bot deleted the dependabot/bundler/activesupport-8.1.2.1 branch March 24, 2026 12:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@biow0lf biow0lf

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@biow0lf