chore(deps): bump activesupport from 7.2.1.1 to 7.2.3.1 by dependabot[bot] · Pull Request #3621 · github/opensource.guide

dependabot · 2026-03-24T01:56:43Z

Bumps activesupport from 7.2.1.1 to 7.2.3.1.

Release notes

Sourced from activesupport's releases.

7.2.3.1

Active Support

Reject scientific notation in NumberConverter

[CVE-2026-33176]

Jean Boussier

Fix SafeBuffer#% to preserve unsafe status

[CVE-2026-33170]

Jean Boussier

Improve performance of NumberToDelimitedConverter

[CVE-2026-33169]

Jean Boussier

Active Model

No changes.

Active Record

No changes.

Action View

Skip blank attribute names in tag helpers to avoid generating invalid HTML.

[CVE-2026-33168]

Mike Dalessio

Action Pack

No changes.

Active Job

No changes.

... (truncated)

Commits

ba76fca Preparing for 7.2.3.1 release
8a379f4 Update changelog
b54a4b3 Improve performance of NumberToDelimitedConverter
c1ad0e8 Fix SafeBuffer#% to preserve unsafe status
ebd6be1 NumberConverter: reject scientific notation
4a155f1 Lock some dependencies
bb2bdef Preparing for 7.2.3 release
fe41a9f Merge pull request #55840 from zzak/asup-xml-mini-bigdecimal-float-precision
12040a3 Merge pull request #55808 from olivier-thatch/fix-enum-sole
58630e1 Merge pull request #55794 from rails/fix-55513
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [activesupport](https://github.com/rails/rails) from 7.2.1.1 to 7.2.3.1. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v8.1.2.1/activesupport/CHANGELOG.md) - [Commits](rails/rails@v7.2.1.1...v7.2.3.1) --- updated-dependencies: - dependency-name: activesupport dependency-version: 7.2.3.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-27T02:20:06Z