Skip to content

Bump devise from 5.0.2 to 5.0.3#11

Open
dependabot[bot] wants to merge 1 commit intomit-mainfrom
dependabot/bundler/devise-5.0.3
Open

Bump devise from 5.0.2 to 5.0.3#11
dependabot[bot] wants to merge 1 commit intomit-mainfrom
dependabot/bundler/devise-5.0.3

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 17, 2026
edited
Loading

Bumps devise from 5.0.2 to 5.0.3.

Release notes

Sourced from devise's releases.

v5.0.3

https://github.com/heartcombo/devise/blob/v5.0.3/CHANGELOG.md#503---2026-03-16

Changelog

Sourced from devise's changelog.

5.0.3 - 2026-03-16

  • security fixes
    • Fix race condition vulnerability on confirmable "change email" which would allow confirming an email they don't own CVE-2026-32700 #5783 #5784
Commits
  • 2f80920 Release v5.0.3
  • 5334707 Add CVE to changelog [ci skip]
  • 0252777 Fix race condition vulnerability, by ensuring the unconfirmed_email is alwa...
  • 879f79f Bundle update
  • 0f4493b Configure default permissions as read-only for the workflow
  • 8c78576 Ignore test/** folder for GH default code scanning
  • c9e655e Bundle update, clear dependabot security issues
  • 3fd0610 Add a note to the changelog about an edge case issue some users ran into
  • See full diff in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels Mar 17, 2026
@dependabot dependabot bot changed the title Bump devise from 4.9.4 to 5.0.3 Bump devise from 5.0.2 to 5.0.3 Apr 1, 2026
@dependabot dependabot bot force-pushed the dependabot/bundler/devise-5.0.3 branch from 8e75bea to 0fe3318 Compare April 1, 2026 11:57
@dependabot
Bump devise from 4.9.4 to 5.0.3
1f4ad63 
Bumps [devise](https://github.com/heartcombo/devise) from 4.9.4 to 5.0.3.
- [Release notes](https://github.com/heartcombo/devise/releases)
- [Changelog](https://github.com/heartcombo/devise/blob/main/CHANGELOG.md)
- [Commits](heartcombo/devise@v4.9.4...v5.0.3)

---
updated-dependencies:
- dependency-name: devise
  dependency-version: 5.0.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/bundler/devise-5.0.3 branch from 0fe3318 to 1f4ad63 Compare April 3, 2026 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants