Skip to content

chore(deps): update dependency passenger from v6.0.22 to v6.0.26 [security] #310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: rutebanken_develop
Choose a base branch
from
Open

chore(deps): update dependency passenger from v6.0.22 to v6.0.26 [security] #310

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Feb 24, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
passenger (source, changelog) "6.0.22" -> "6.0.26" age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-26803

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.

Release Notes

phusion/passenger (passenger)

v6.0.26

Compare Source

  • [CVE-2025-26803] The http parser (from Passenger 6.0.21-6.0.25) was susceptible to a denial of service attack when parsing a request with an invalid HTTP method.

v6.0.25

Compare Source

  • Fixes compilation with clang 19 (latest Fedora update) by dropping a buggy stddev function from the moving average header. Closes GH-2580.
  • [Standalone] Adds a config option to specify the stop timeout for Passenger: --stop-timeout 120 or PASSENGER_STOP_TIMEOUT=120.
  • [Standalone] Changes Passenger's (not apps') start timeout to 25s (from 15s), stop timeouts default to 60s.
  • [Ruby] Fixes an issue where Bundler would try to re-exec the process name instead of the script. Closes GH-2567 and GH-2577.
  • [Enterprise] Adds a temporary flag to allow reverting to previous routing behaviour, in order to mitigate possible performance regressions, this flag will become a no-op and eventually removed once the routing issues have been fixed. Closes GH-2579.
    • Apache: PassengerOldRouting on
    • Nginx: passenger_old_routing on;
    • Standalone: --old-routing
  • Updated various library versions used in precompiled binaries (used for e.g. gem installs):
    • cmake: 3.31.2 -> 3.31.3
    • curl: 8.11.0 -> 8.11.1
    • libiconv: 1.17 -> 1.18
    • rubygems: 3.5.23 -> 3.6.2
    • rubies:
      • added 3.4.1

v6.0.24

Compare Source

  • [Nginx] Upgrades preferred Nginx to 1.26.2 from 1.26.1.
  • [Enterprise] Smarter rolling restarts for better performance and reliability. We changed the way we route requests. Instead of picking the least-busy process, we now first prioritize new processes first. During a rolling restart, this new behavior leads to more efficient utilization of application caches, faster validation of new rollouts, and faster recovery from problematic deployments. Closes GH-2551.
  • Fix a regression from 6.0.10 where running passenger-config system-properties would throw an error. Closes GH-2565.
  • [Enterprise] Fix a memory corruption-related crash that could occur during rolling restarting.
  • [Ubuntu] Add packages for Ubuntu 24.10 "oracular".
  • [Ruby] Specify rackup version to avoid broken 1.0 gem. Closes GH-2559.
  • Fixes compatibility with Ruby apps whose Gemfile.lock depends on base64.
  • Upgrades Boost from 1.85 -> 1.86.
  • Updated various library versions used in precompiled binaries (used for e.g. gem installs):
    • ccache 4.10.1 -> 4.10.2
    • cmake 3.30.1 -> 3.31.2
    • curl 8.8.0 -> 8.11.0
    • git 2.45.2 -> 2.47.1
    • gnupg 2.4.5 -> 2.4.7
    • libgpg_error 1.50 -> 1.51
    • npth 1.7 -> 1.8
    • openssl 3.3.1 -> 3.4.0
    • rubygems 3.5.16 -> 3.5.23
    • rubies:
      • 3.2.4 -> 3.2.6
      • 3.3.4 -> 3.3.6

v6.0.23

Compare Source

  • [Enterprise] The rolling restart feature now replaces app processes in newest-to-oldest order, to make more efficient use of alive processes during the rolling-restart's duration. Closes GH-2551.
  • [Ruby] Improve Rack 3 compatibility.
  • [Nginx] Upgrades preferred Nginx to 1.26.1 from 1.26.0.
  • [Debian] Remove packages for Debian 10 Buster. (EOL 2024-07).
  • [Ubuntu] Add packages for Ubuntu 24.04 "noble".
  • [RPMs] Remove EL7 RPMs, CentOS7 is EOL.
  • Fixes compatibility with Ruby apps whose Gemfile.lock depends on strscan.
  • Adds option to render a custom error page when app fails to launch. Closes GH-2515.
    • Apache: PassengerCustomErrorPage "public/error.html"
    • Nginx: passenger_custom_error_page public/error.html;
    • Standalone: --custom-error-page public/error.html
  • Updated various library versions used in precompiled binaries (used for e.g. gem installs):
    • glibc 2.17 -> 2.28
    • ccache 4.9.1 -> 4.10.1
    • cmake 3.29.3 -> 3.30.1
    • curl 8.7.1 -> 8.8.0
    • git 2.45.0 -> 2.45.2
    • openssl 3.3.0 -> 3.3.1
    • pcre2 10.43 -> 10.44
    • libassuan 2.5.7 -> 3.0.1
    • libgcrypt 1.10.3 -> 1.11.0
    • libgpg_error 1.49 -> 1.50
    • libksba 1.6.6 -> 1.6.7
    • pinentry 1.3.0 -> 1.3.1
    • rubygems 3.5.10 -> 3.5.16
    • rubies:
      • dropped 3.0.7
      • 3.1.5 -> 3.1.6
      • 3.3.1 -> 3.3.4

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Author

renovate bot commented Feb 24, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Gemfile.lock
Fetching https://github.com/entur/chouette-projects-i18n.git
Fetching https://github.com/entur/chouette2-i18n.git
Fetching https://github.com/entur/ievkit_views.git
Fetching https://github.com/entur/ievkit.git
Fetching https://github.com/chrisk/fakeweb.git
Fetching https://github.com/entur/language_engine
Fetching https://github.com/entur/ffi-proj4
Fetching https://github.com/entur/georuby-ext.git
Fetching gem metadata from https://rails-assets.org/...
Fetching gem metadata from https://rubygems.org/........
Resolving dependencies...

Could not find compatible versions

    Because rails >= 6.1.7.10, < 7.0.0.alpha1 depends on actionpack = 6.1.7.10
      and rails >= 6.1.7.9, < 6.1.7.10 depends on actionpack = 6.1.7.9,
rails >= 6.1.7.9, < 7.0.0.alpha1 requires actionpack = 6.1.7.9 OR =
6.1.7.10.
    And because rails >= 6.1.7.8, < 6.1.7.9 depends on actionpack = 6.1.7.8
      and rails >= 6.1.7.7, < 6.1.7.8 depends on actionpack = 6.1.7.7,
rails >= 6.1.7.7, < 7.0.0.alpha1 requires actionpack = 6.1.7.7 OR =
6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.7.6, < 6.1.7.7 depends on actionpack = 6.1.7.6
      and rails >= 6.1.7.5, < 6.1.7.6 depends on actionpack = 6.1.7.5,
rails >= 6.1.7.5, < 7.0.0.alpha1 requires actionpack = 6.1.7.5 OR =
6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.7.4, < 6.1.7.5 depends on actionpack = 6.1.7.4
      and rails >= 6.1.7.3, < 6.1.7.4 depends on actionpack = 6.1.7.3,
rails >= 6.1.7.3, < 7.0.0.alpha1 requires actionpack = 6.1.7.3 OR =
6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR =
6.1.7.10.
    And because rails >= 6.1.7.2, < 6.1.7.3 depends on actionpack = 6.1.7.2
      and rails >= 6.1.7.1, < 6.1.7.2 depends on actionpack = 6.1.7.1,
rails >= 6.1.7.1, < 7.0.0.alpha1 requires actionpack = 6.1.7.1 OR =
6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR =
6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.7, < 6.1.7.1 depends on actionpack = 6.1.7
      and rails >= 6.1.6.1, < 6.1.7 depends on actionpack = 6.1.6.1,
rails >= 6.1.6.1, < 7.0.0.alpha1 requires actionpack = 6.1.6.1 OR = 6.1.7
OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR
= 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.6, < 6.1.6.1 depends on actionpack = 6.1.6
      and rails >= 6.1.5.1, < 6.1.6 depends on actionpack = 6.1.5.1,
rails >= 6.1.5.1, < 7.0.0.alpha1 requires actionpack = 6.1.5.1 OR = 6.1.6
OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR =
6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.5, < 6.1.5.1 depends on actionpack = 6.1.5
      and rails >= 6.1.4.7, < 6.1.5 depends on actionpack = 6.1.4.7,
rails >= 6.1.4.7, < 7.0.0.alpha1 requires actionpack = 6.1.4.7 OR = 6.1.5
OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR =
6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR =
6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.4.6, < 6.1.4.7 depends on actionpack = 6.1.4.6
      and rails >= 6.1.4.5, < 6.1.4.6 depends on actionpack = 6.1.4.5,
rails >= 6.1.4.5, < 7.0.0.alpha1 requires actionpack = 6.1.4.5 OR =
6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7
OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR
= 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.4.4, < 6.1.4.5 depends on actionpack = 6.1.4.4
      and rails >= 6.1.4.3, < 6.1.4.4 depends on actionpack = 6.1.4.3,
rails >= 6.1.4.3, < 7.0.0.alpha1 requires actionpack = 6.1.4.3 OR =
6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR =
6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR =
6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR =
6.1.7.10.
    And because rails >= 6.1.4.2, < 6.1.4.3 depends on actionpack = 6.1.4.2
      and rails >= 6.1.4.1, < 6.1.4.2 depends on actionpack = 6.1.4.1,
rails >= 6.1.4.1, < 7.0.0.alpha1 requires actionpack = 6.1.4.1 OR =
6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR =
6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2
OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR
= 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.4, < 6.1.4.1 depends on actionpack = 6.1.4
      and rails >= 6.1.3.2, < 6.1.4 depends on actionpack = 6.1.3.2,
rails >= 6.1.3.2, < 7.0.0.alpha1 requires actionpack = 6.1.3.2 OR = 6.1.4
OR = 6.1.4.1 OR = 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR
= 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR =
6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR =
6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.3.1, < 6.1.3.2 depends on actionpack = 6.1.3.1
      and rails >= 6.1.3, < 6.1.3.1 depends on actionpack = 6.1.3,
rails >= 6.1.3, < 7.0.0.alpha1 requires actionpack = 6.1.3 OR = 6.1.3.1 OR
= 6.1.3.2 OR = 6.1.4 OR = 6.1.4.1 OR = 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR =
6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR =
6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR =
6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.
    And because rails >= 6.1.2.1, < 6.1.3 depends on actionpack = 6.1.2.1
      and rails >= 6.1.2, < 6.1.2.1 depends on actionpack = 6.1.2,
rails >= 6.1.2, < 7.0.0.alpha1 requires actionpack = 6.1.2 OR = 6.1.2.1 OR
= 6.1.3 OR = 6.1.3.1 OR = 6.1.3.2 OR = 6.1.4 OR = 6.1.4.1 OR = 6.1.4.2 OR =
6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR =
6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR =
6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR =
6.1.7.9 OR = 6.1.7.10.
(1) So, because rails >= 6.1.1, < 6.1.2 depends on actionpack = 6.1.1
      and rails >= 6.1.0, < 6.1.1 depends on actionpack = 6.1.0,
rails >= 6.1.0, < 7.0.0.alpha1 requires actionpack = 6.1.0 OR = 6.1.1 OR =
6.1.2 OR = 6.1.2.1 OR = 6.1.3 OR = 6.1.3.1 OR = 6.1.3.2 OR = 6.1.4 OR = 6.1.4.1
OR = 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR
= 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR =
6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR =
6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10.

    Because rails >= 6.1.7.9, < 6.1.7.10 depends on activesupport = 6.1.7.9
      and rails >= 6.1.7.8, < 6.1.7.9 depends on activesupport = 6.1.7.8,
rails >= 6.1.7.8, < 6.1.7.10 requires activesupport = 6.1.7.8 OR =
6.1.7.9.
    And because rails >= 6.1.7.7, < 6.1.7.8 depends on activesupport = 6.1.7.7
      and rails >= 6.1.7.6, < 6.1.7.7 depends on activesupport = 6.1.7.6,
rails >= 6.1.7.6, < 6.1.7.10 requires activesupport = 6.1.7.6 OR = 6.1.7.7
OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.7.5, < 6.1.7.6 depends on activesupport = 6.1.7.5
      and rails >= 6.1.7.4, < 6.1.7.5 depends on activesupport = 6.1.7.4,
rails >= 6.1.7.4, < 6.1.7.10 requires activesupport = 6.1.7.4 OR = 6.1.7.5
OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.7.3, < 6.1.7.4 depends on activesupport = 6.1.7.3
      and rails >= 6.1.7.2, < 6.1.7.3 depends on activesupport = 6.1.7.2,
rails >= 6.1.7.2, < 6.1.7.10 requires activesupport = 6.1.7.2 OR = 6.1.7.3
OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.7.1, < 6.1.7.2 depends on activesupport = 6.1.7.1
      and rails >= 6.1.7, < 6.1.7.1 depends on activesupport = 6.1.7,
rails >= 6.1.7, < 6.1.7.10 requires activesupport = 6.1.7 OR = 6.1.7.1 OR
= 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR =
6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.6.1, < 6.1.7 depends on activesupport = 6.1.6.1
      and rails >= 6.1.6, < 6.1.6.1 depends on activesupport = 6.1.6,
rails >= 6.1.6, < 6.1.7.10 requires activesupport = 6.1.6 OR = 6.1.6.1 OR
= 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR =
6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.5.1, < 6.1.6 depends on activesupport = 6.1.5.1
      and rails >= 6.1.5, < 6.1.5.1 depends on activesupport = 6.1.5,
rails >= 6.1.5, < 6.1.7.10 requires activesupport = 6.1.5 OR = 6.1.5.1 OR
= 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR =
6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.4.7, < 6.1.5 depends on activesupport = 6.1.4.7
      and rails >= 6.1.4.6, < 6.1.4.7 depends on activesupport = 6.1.4.6,
rails >= 6.1.4.6, < 6.1.7.10 requires activesupport = 6.1.4.6 OR = 6.1.4.7
OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR =
6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR =
6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.4.5, < 6.1.4.6 depends on activesupport = 6.1.4.5
      and rails >= 6.1.4.4, < 6.1.4.5 depends on activesupport = 6.1.4.4,
rails >= 6.1.4.4, < 6.1.7.10 requires activesupport = 6.1.4.4 OR = 6.1.4.5
OR = 6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR =
6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR =
6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.4.3, < 6.1.4.4 depends on activesupport = 6.1.4.3
      and rails >= 6.1.4.2, < 6.1.4.3 depends on activesupport = 6.1.4.2,
rails >= 6.1.4.2, < 6.1.7.10 requires activesupport = 6.1.4.2 OR = 6.1.4.3
OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR =
6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR =
6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.4.1, < 6.1.4.2 depends on activesupport = 6.1.4.1
      and rails >= 6.1.4, < 6.1.4.1 depends on activesupport = 6.1.4,
rails >= 6.1.4, < 6.1.7.10 requires activesupport = 6.1.4 OR = 6.1.4.1 OR
= 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR =
6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2
OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR
= 6.1.7.9.
    And because rails >= 6.1.3.2, < 6.1.4 depends on activesupport = 6.1.3.2
      and rails >= 6.1.3.1, < 6.1.3.2 depends on activesupport = 6.1.3.1,
rails >= 6.1.3.1, < 6.1.7.10 requires activesupport = 6.1.3.1 OR = 6.1.3.2
OR = 6.1.4 OR = 6.1.4.1 OR = 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR =
6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7
OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR
= 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.3, < 6.1.3.1 depends on activesupport = 6.1.3
      and rails >= 6.1.2.1, < 6.1.3 depends on activesupport = 6.1.2.1,
rails >= 6.1.2.1, < 6.1.7.10 requires activesupport = 6.1.2.1 OR = 6.1.3
OR = 6.1.3.1 OR = 6.1.3.2 OR = 6.1.4 OR = 6.1.4.1 OR = 6.1.4.2 OR = 6.1.4.3 OR =
6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR =
6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR =
6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9.
    And because rails >= 6.1.2, < 6.1.2.1 depends on activesupport = 6.1.2
      and rails >= 6.1.1, < 6.1.2 depends on activesupport = 6.1.1,
rails >= 6.1.1, < 6.1.7.10 requires activesupport = 6.1.1 OR = 6.1.2 OR =
6.1.2.1 OR = 6.1.3 OR = 6.1.3.1 OR = 6.1.3.2 OR = 6.1.4 OR = 6.1.4.1 OR =
6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR = 6.1.4.7 OR =
6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1 OR = 6.1.7.2
OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR = 6.1.7.8 OR
= 6.1.7.9.
(2) So, because rails >= 6.1.0, < 6.1.1 depends on activesupport = 6.1.0
      and rails >= 6.1.7.10, < 7.0.0.alpha1 depends on railties = 6.1.7.10,
rails >= 6.1.0, < 7.0.0.alpha1 requires activesupport = 6.1.0 OR = 6.1.1
OR = 6.1.2 OR = 6.1.2.1 OR = 6.1.3 OR = 6.1.3.1 OR = 6.1.3.2 OR = 6.1.4 OR =
6.1.4.1 OR = 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR =
6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1
OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR
= 6.1.7.8 OR = 6.1.7.9 or railties = 6.1.7.10.

Because actionpack >= 8.0.0.beta1, < 8.0.0.rc1 depends on activesupport =
8.0.0.beta1
and actionpack >= 8.0.0.rc1, < 8.0.0.rc2 depends on activesupport =
8.0.0.rc1,
actionpack >= 8.0.0.beta1, < 8.0.0.rc2 requires activesupport =
8.0.0.beta1 OR = 8.0.0.rc1.
And because actionpack >= 8.0.0.rc2, < 8.0.0 depends on activesupport =
8.0.0.rc2
and actionpack >= 7.2.0.beta1, < 7.2.0.beta2 depends on activesupport =
7.2.0.beta1,
actionpack >= 7.2.0.beta1, < 7.2.0.beta2 OR >= 8.0.0.beta1, < 8.0.0
requires activesupport = 7.2.0.beta1 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR =
8.0.0.rc2.
And because actionpack >= 7.2.0.beta2, < 7.2.0.beta3 depends on
activesupport = 7.2.0.beta2
and actionpack >= 7.2.0.beta3, < 7.2.0.rc1 depends on activesupport =
7.2.0.beta3,
actionpack >= 7.2.0.beta1, < 7.2.0.rc1 OR >= 8.0.0.beta1, < 8.0.0 requires
activesupport = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 8.0.0.beta1
OR = 8.0.0.rc1 OR = 8.0.0.rc2.
And because actionpack >= 7.2.0.rc1, < 7.2.0 depends on activesupport =
7.2.0.rc1
      and actionpack >= 8.0.0, < 8.0.0.1 depends on activesupport = 8.0.0,
actionpack >= 7.2.0.beta1, < 7.2.0 OR >= 8.0.0.beta1, < 8.0.0.1 requires
activesupport = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR
= 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0.
And because actionpack >= 8.0.0.1, < 8.0.1 depends on activesupport =
8.0.0.1
      and actionpack >= 8.0.1, < 8.0.2 depends on activesupport = 8.0.1,
actionpack >= 7.2.0.beta1, < 7.2.0 OR >= 8.0.0.beta1, < 8.0.2 requires
activesupport = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR
= 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1 OR = 8.0.1.
    And because actionpack >= 8.0.2 depends on activesupport = 8.0.2
      and actionpack >= 7.2.0, < 7.2.1 depends on activesupport = 7.2.0,
actionpack >= 7.2.0.beta1, < 7.2.1 OR >= 8.0.0.beta1 requires
activesupport = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR
= 7.2.0 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1
OR = 8.0.1 OR = 8.0.2.
    And because actionpack >= 7.2.1, < 7.2.1.1 depends on activesupport = 7.2.1
      and actionpack >= 7.2.1.1, < 7.2.1.2 depends on activesupport = 7.2.1.1,
actionpack >= 7.2.0.beta1, < 7.2.1.2 OR >= 8.0.0.beta1 requires
activesupport = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR
= 7.2.0 OR = 7.2.1 OR = 7.2.1.1 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2
OR = 8.0.0 OR = 8.0.0.1 OR = 8.0.1 OR = 8.0.2.
And because actionpack >= 7.2.1.2, < 7.2.2 depends on activesupport =
7.2.1.2
      and actionpack >= 7.2.2, < 7.2.2.1 depends on activesupport = 7.2.2,
actionpack >= 7.2.0.beta1, < 7.2.2.1 OR >= 8.0.0.beta1 requires
activesupport = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR
= 7.2.0 OR = 7.2.1 OR = 7.2.1.1 OR = 7.2.1.2 OR = 7.2.2 OR = 8.0.0.beta1 OR =
8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1 OR = 8.0.1 OR = 8.0.2.
And because actionpack >= 7.2.2.1, < 8.0.0.beta1 depends on activesupport =
7.2.2.1
      and actionpack >= 7.1.0, < 7.1.1 depends on activesupport = 7.1.0,
actionpack >= 7.1.0, < 7.1.1 OR >= 7.2.0.beta1 requires activesupport =
7.1.0 OR = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR =
7.2.0 OR = 7.2.1 OR = 7.2.1.1 OR = 7.2.1.2 OR = 7.2.2 OR = 7.2.2.1 OR =
8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1 OR = 8.0.1 OR
= 8.0.2.
    And because actionpack >= 7.1.1, < 7.1.2 depends on activesupport = 7.1.1
      and actionpack >= 7.1.2, < 7.1.3 depends on activesupport = 7.1.2,
actionpack >= 7.1.0, < 7.1.3 OR >= 7.2.0.beta1 requires activesupport =
7.1.0 OR = 7.1.1 OR = 7.1.2 OR = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3
OR = 7.2.0.rc1 OR = 7.2.0 OR = 7.2.1 OR = 7.2.1.1 OR = 7.2.1.2 OR = 7.2.2 OR =
7.2.2.1 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1
OR = 8.0.1 OR = 8.0.2.
    And because actionpack >= 7.1.3, < 7.1.3.1 depends on activesupport = 7.1.3
      and actionpack >= 7.1.3.1, < 7.1.3.2 depends on activesupport = 7.1.3.1,
actionpack >= 7.1.0, < 7.1.3.2 OR >= 7.2.0.beta1 requires activesupport =
7.1.0 OR = 7.1.1 OR = 7.1.2 OR = 7.1.3 OR = 7.1.3.1 OR = 7.2.0.beta1 OR =
7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR = 7.2.0 OR = 7.2.1 OR = 7.2.1.1
OR = 7.2.1.2 OR = 7.2.2 OR = 7.2.2.1 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR =
8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1 OR = 8.0.1 OR = 8.0.2.
And because actionpack >= 7.1.3.2, < 7.1.3.3 depends on activesupport =
7.1.3.2
      and actionpack >= 7.1.3.3, < 7.1.3.4 depends on activesupport = 7.1.3.3,
actionpack >= 7.1.0, < 7.1.3.4 OR >= 7.2.0.beta1 requires activesupport =
7.1.0 OR = 7.1.1 OR = 7.1.2 OR = 7.1.3 OR = 7.1.3.1 OR = 7.1.3.2 OR = 7.1.3.3 OR
= 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR = 7.2.0 OR =
7.2.1 OR = 7.2.1.1 OR = 7.2.1.2 OR = 7.2.2 OR = 7.2.2.1 OR = 8.0.0.beta1 OR =
8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1 OR = 8.0.1 OR = 8.0.2.
And because actionpack >= 7.1.3.4, < 7.1.4 depends on activesupport =
7.1.3.4
      and actionpack >= 7.1.4, < 7.1.4.1 depends on activesupport = 7.1.4,
actionpack >= 7.1.0, < 7.1.4.1 OR >= 7.2.0.beta1 requires activesupport =
7.1.0 OR = 7.1.1 OR = 7.1.2 OR = 7.1.3 OR = 7.1.3.1 OR = 7.1.3.2 OR = 7.1.3.3 OR
= 7.1.3.4 OR = 7.1.4 OR = 7.2.0.beta1 OR = 7.2.0.beta2 OR = 7.2.0.beta3 OR =
7.2.0.rc1 OR = 7.2.0 OR = 7.2.1 OR = 7.2.1.1 OR = 7.2.1.2 OR = 7.2.2 OR =
7.2.2.1 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR = 8.0.0 OR = 8.0.0.1
OR = 8.0.1 OR = 8.0.2.
And because actionpack >= 7.1.4.1, < 7.1.4.2 depends on activesupport =
7.1.4.1
      and actionpack >= 7.1.4.2, < 7.1.5 depends on activesupport = 7.1.4.2,
actionpack >= 7.1.0, < 7.1.5 OR >= 7.2.0.beta1 requires activesupport =
7.1.0 OR = 7.1.1 OR = 7.1.2 OR = 7.1.3 OR = 7.1.3.1 OR = 7.1.3.2 OR = 7.1.3.3 OR
= 7.1.3.4 OR = 7.1.4 OR = 7.1.4.1 OR = 7.1.4.2 OR = 7.2.0.beta1 OR = 7.2.0.beta2
OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR = 7.2.0 OR = 7.2.1 OR = 7.2.1.1 OR = 7.2.1.2
OR = 7.2.2 OR = 7.2.2.1 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR =
8.0.0 OR = 8.0.0.1 OR = 8.0.1 OR = 8.0.2.
    And because actionpack >= 7.1.5, < 7.1.5.1 depends on activesupport = 7.1.5
and actionpack >= 7.1.5.1, < 7.2.0.beta1 depends on activesupport =
7.1.5.1,
actionpack >= 7.1.0 requires activesupport = 7.1.0 OR = 7.1.1 OR = 7.1.2
OR = 7.1.3 OR = 7.1.3.1 OR = 7.1.3.2 OR = 7.1.3.3 OR = 7.1.3.4 OR = 7.1.4 OR =
7.1.4.1 OR = 7.1.4.2 OR = 7.1.5 OR = 7.1.5.1 OR = 7.2.0.beta1 OR = 7.2.0.beta2
OR = 7.2.0.beta3 OR = 7.2.0.rc1 OR = 7.2.0 OR = 7.2.1 OR = 7.2.1.1 OR = 7.2.1.2
OR = 7.2.2 OR = 7.2.2.1 OR = 8.0.0.beta1 OR = 8.0.0.rc1 OR = 8.0.0.rc2 OR =
8.0.0 OR = 8.0.0.1 OR = 8.0.1 OR = 8.0.2.
And because rails >= 6.1.0, < 7.0.0.alpha1 requires activesupport = 6.1.0 OR
= 6.1.1 OR = 6.1.2 OR = 6.1.2.1 OR = 6.1.3 OR = 6.1.3.1 OR = 6.1.3.2 OR = 6.1.4
OR = 6.1.4.1 OR = 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR
= 6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR =
6.1.7.1 OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR =
6.1.7.7 OR = 6.1.7.8 OR = 6.1.7.9 or railties = 6.1.7.10 (2),
if rails >= 6.1.0, < 7.0.0.alpha1 and actionpack >= 7.1.0 then railties =
6.1.7.10.
(3) So, because railties >= 6.1.7.10, < 7.0.0 depends on actionpack = 6.1.7.10,
      rails >= 6.1.0, < 7.0.0.alpha1 is incompatible with actionpack >= 7.1.0.

    Because actionpack >= 7.1.0.rc2, < 7.1.0 depends on actionview = 7.1.0.rc2
and actionpack >= 7.1.0.rc1, < 7.1.0.rc2 depends on actionview =
7.1.0.rc1,
actionpack >= 7.1.0.rc1, < 7.1.0 requires actionview = 7.1.0.rc1 OR =
7.1.0.rc2.
And because actionpack >= 7.1.0.beta1, < 7.1.0.rc1 depends on actionview =
7.1.0.beta1,
actionpack >= 7.1.0.beta1, < 7.1.0 requires actionview = 7.1.0.beta1 OR =
7.1.0.rc1 OR = 7.1.0.rc2.
(4) So, because actionview >= 7.0.8.7, < 7.1.0 depends on activesupport =
7.0.8.7
      and actionpack >= 7.0.0.alpha1, < 7.0.5 depends on rack >= 2.2.0, < 3.A,
actionpack >= 7.0.0.alpha1, < 7.0.5 OR >= 7.1.0.beta1, < 7.1.0 requires
activesupport = 7.0.8.7 or rack >= 2.2.0, < 3.A.

Because actionpack >= 7.1.0.rc1, < 7.1.0.rc2 depends on activesupport =
7.1.0.rc1
and actionpack >= 7.1.0.beta1, < 7.1.0.rc1 depends on activesupport =
7.1.0.beta1,
actionpack >= 7.1.0.beta1, < 7.1.0.rc2 requires activesupport =
7.1.0.beta1 OR = 7.1.0.rc1.
And because actionpack >= 7.1.0.rc2, < 7.1.0 depends on activesupport =
7.1.0.rc2
      and actionpack >= 7.0.0.alpha1, < 7.0.5 depends on rack >= 2.2.0, < 3.A,
actionpack >= 7.0.0.alpha1, < 7.0.5 OR >= 7.1.0.beta1, < 7.1.0 requires
activesupport = 7.1.0.beta1 OR = 7.1.0.rc1 OR = 7.1.0.rc2 or rack >= 2.2.0, <
3.A.
And because actionpack >= 7.0.0.alpha1, < 7.0.5 OR >= 7.1.0.beta1, < 7.1.0
requires activesupport = 7.0.8.7 or rack >= 2.2.0, < 3.A (4),
actionpack >= 7.0.0.alpha1, < 7.0.5 OR >= 7.1.0.beta1, < 7.1.0 requires
rack >= 2.2.0, < 3.A.
And because actionpack >= 7.0.5, < 7.1.0.beta1 depends on rack >= 2.2.4, <
3.A,
      actionpack >= 7.0.0.alpha1, < 7.1.0 requires rack >= 2.2.0, < 3.A.
And because rails >= 6.1.0, < 7.0.0.alpha1 is incompatible with actionpack
>= 7.1.0 (3),
if rails >= 6.1.0, < 7.0.0.alpha1 and actionpack >= 7.0.0.alpha1 then rack
>= 2.2.0, < 3.A.
And because actionpack >= 6.1.0.rc1, < 7.0.0.alpha1 depends on rack >=
2.0.9, < 3.A,
if rails >= 6.1.0, < 7.0.0.alpha1 and actionpack >= 6.1.0.rc1 then rack >=
2.0.9, < 3.A.
And because rails >= 6.1.0, < 7.0.0.alpha1 requires actionpack = 6.1.0 OR =
6.1.1 OR = 6.1.2 OR = 6.1.2.1 OR = 6.1.3 OR = 6.1.3.1 OR = 6.1.3.2 OR = 6.1.4 OR
= 6.1.4.1 OR = 6.1.4.2 OR = 6.1.4.3 OR = 6.1.4.4 OR = 6.1.4.5 OR = 6.1.4.6 OR =
6.1.4.7 OR = 6.1.5 OR = 6.1.5.1 OR = 6.1.6 OR = 6.1.6.1 OR = 6.1.7 OR = 6.1.7.1
OR = 6.1.7.2 OR = 6.1.7.3 OR = 6.1.7.4 OR = 6.1.7.5 OR = 6.1.7.6 OR = 6.1.7.7 OR
= 6.1.7.8 OR = 6.1.7.9 OR = 6.1.7.10 (1),
      rails >= 6.1.0, < 7.0.0.alpha1 requires rack >= 2.0.9, < 3.A.
    And because rackup >= 2.0.0 depends on rack >= 3
      and passenger >= 6.0.24, < 6.0.27 depends on rackup >= 2.0.0,
rails >= 6.1.0, < 7.0.0.alpha1 is incompatible with passenger >= 6.0.24, <
6.0.27.
    So, because Gemfile depends on rails ~> 6.1.0
      and Gemfile depends on passenger = 6.0.26,
      version solving has failed.

@renovate renovate bot force-pushed the renovate/rubygems-passenger-vulnerability branch 8 times, most recently from 2e38dff to 8f53a84 Compare March 4, 2025 16:14
@renovate renovate bot force-pushed the renovate/rubygems-passenger-vulnerability branch from 8f53a84 to 6b3ff3d Compare March 17, 2025 07:33
@renovate renovate bot force-pushed the renovate/rubygems-passenger-vulnerability branch from 6b3ff3d to b6c81aa Compare April 10, 2025 14:51
@renovate renovate bot force-pushed the renovate/rubygems-passenger-vulnerability branch from b6c81aa to 2a8b883 Compare April 10, 2025 15:29
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants