ExpeditionRPG / expedition

Expedition: The Cards & App RPG
https://ExpeditionGame.com
Other
79 stars 26 forks source link

Update dependency cordova-plugin-inappbrowser to v3.1.0 [SECURITY] #849

Closed renovate[bot] closed 3 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
cordova-plugin-inappbrowser 3.0.0 -> 3.1.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2019-0219

Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android applications using the package.

Recommendation

Upgrade to version 3.1.0 or later.


Release Notes

apache/cordova-plugin-inappbrowser ### [`v3.1.0`](https://togithub.com/apache/cordova-plugin-inappbrowser/blob/master/RELEASENOTES.md#​310-Jun-27-2019) [Compare Source](https://togithub.com/apache/cordova-plugin-inappbrowser/compare/3.0.0...3.1.0) - chore: fix repo and issue urls and license in package.json and plugin.xml ([`8edfb9e`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/8edfb9e)) - chore: unknown changes because of linebreak change in binary files ([`e44ad91`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/e44ad91)) - build: add `.npmignore` to remove unneeded files from npm package ([`0ec4a11`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/0ec4a11)) - build: add `.gitattributes` to force LF (instead of possible CRLF on Windows) ([`2751255`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/2751255)) - ci(travis): Update Travis CI configuration for new paramedic ([#​478](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/478)) ([`c2bb6c1`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/c2bb6c1)) - docs: remove outdated translations ([`cc5ee00`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/cc5ee00)) - fix(android): Fix beforeload for Android <= 7 ([#​427](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/427)) ([`94fec84`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/94fec84)) - ci(travis) Fix failing CI tests ([#​460](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/460)) ([`a162bd9`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/a162bd9)) - test: Fix test spec.5 to close inappbrowser after loadstop event ([#​440](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/440)) ([`5f1afbd`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/5f1afbd), [`af44235`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/af44235)) - fix(android): Prevent malformed callbackId from reaching app cordova view ([#​436](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/436)) ([`6861084`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/6861084), [`c95dbcb`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/c95dbcb)) - feat: [CB-13969](https://issues.apache.org/jira/browse/CB-13969): Allow close button and navigation buttons positions to be swapped ([#​262](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/262)) ([`d01bd25`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/d01bd25), [`f861655`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/f861655), [`9c7c2f3`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/9c7c2f3), [`3c0a42e`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/3c0a42e), [`5359f6c`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/5359f6c), [`df84dda`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/df84dda), [`2bcec40`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/2bcec40), [`fc0c560`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/fc0c560), [`5ead1e6`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/5ead1e6), [`c7931fa`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/c7931fa), [`e2adf1b`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/e2adf1b), [`4adf4c7`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/4adf4c7), [`cbe3a42`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/cbe3a42), [`74ccef1`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/74ccef1), [`ec6af56`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/ec6af56), [`b06ad8e`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/b06ad8e), [`313e0ae`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/313e0ae), [`05e37a1`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/05e37a1), [`0c6189e`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/0c6189e), [`d940b59`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/d940b59), [`f3d7f72`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/f3d7f72)) - docs: Add headline to window.open documentation ([#​406](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/406)) ([`92243cd`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/92243cd)) - fix(ios): Fix iframes in iOS/WKWebView which were broken by [#​418](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/418) ([#​425](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/425)) ([`388e3f6`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/388e3f6)) - chore(github): Add or update GitHub pull request and issue template ([`ae329bc`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/ae329bc)) - fix(ios): Handle non-default target attribute values (e.g. target=on links in WKWebView implementation on iOS ([#​418](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/418)) ([`9f4b729`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/9f4b729)) - fix(types): remove unused replace parameter ([#​410](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/410)) ([`6db2f2d`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/6db2f2d)) - documentation: Example documentation - Fix callBack function name ([#​383](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/383)) ([`a890e60`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/a890e60), [`2500b08`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/2500b08)) - fix: Fix beforeload to work with POST requests ([#​367](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/367)) ([`632a395`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/632a395)) - feat: (iOS & Android) Add postMessage API support ([#​362](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/362)) ([`c54d100`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/c54d100)) - fix(ios): Fixes loadAfterBeforeload on iOS. ([#​350](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/350)) ([`0fd43ae`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/0fd43ae)) - fix(ios): Fix crashes when using WKWebView implementation on iOS 9. ([#​337](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/337)) ([`3b82c16`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/3b82c16)) - fix(ios): Fix iOS CDVWKInAppBrowser evaluateJavascript method randomly gets blocked on ios 12 ([#​341](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/341)) ([`978b147`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/978b147)) - docs: remove unwanted information in README table ([#​308](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/308)) ([`3eadde6`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/3eadde6)) - fix(ios): This lets the default window layering do it's thing. ([#​336](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/336)) ([`c24bb46`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/c24bb46), [`27fe8ec`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/27fe8ec)) - feat(ios): [CB-7179](https://issues.apache.org/jira/browse/CB-7179) (iOS): Add optional WKWebView support for iOS ([#​271](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/271)) ([`10a0669`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/10a0669), [`3927b8f`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/3927b8f), [`8248215`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/8248215), [`61014dd`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/61014dd), [`c41f5b5`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/c41f5b5), [`19c6dfe`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/19c6dfe), [`7f5fa2a`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/7f5fa2a), [`5d2df21`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/5d2df21), [`86cc778`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/86cc778), [`cbfa195`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/cbfa195), [`52e3534`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/52e3534), [`8165232`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/8165232), [`e2210bd`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/e2210bd), [`dc7fa34`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/dc7fa34), [`b48e02f`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/b48e02f), [`27e6c67`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/27e6c67)) - docs: remove JIRA link ([`d9cafcd`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/d9cafcd)) - chore(types): [CB-12941](https://issues.apache.org/jira/browse/CB-12941): update typings ([#​267](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/267)) ([`a0c267f`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/a0c267f)) - feat: [CB-14188](https://issues.apache.org/jira/browse/CB-14188): add beforeload event, catching navigation before it happens ([#​276](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/276)) ([`228703a`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/228703a), [`eafaeda`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/eafaeda)) - ci(travis): reenable testing on all platforms ([`0ed0bf5`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/0ed0bf5)) - ci(travis): also accept terms for android sdk `android-27` ([`f8ad528`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/f8ad528)) - fix(android): [CB-10795](https://issues.apache.org/jira/browse/CB-10795): Exclude current app from external intent list ([#​154](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/154)) ([`a078337`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/a078337)) - fix(ios): [CB-14234](https://issues.apache.org/jira/browse/CB-14234): Don't call handleOpenURL for system URLs ([#​278](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/278)) ([`cf58b04`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/cf58b04)) - fix(ios): [CB-12875](https://issues.apache.org/jira/browse/CB-12875): (iOS) Pushes the inappbrowser window to a higher ui level than the existing apps window. ([#​284](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/284)) ([`dc5329d`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/dc5329d)) - ci: Quick CI fixes ([#​277](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/277)) ([`de86501`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/de86501), [`07d9a99`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/07d9a99), [`81f1437`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/81f1437), [`a464ea6`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/a464ea6), [`e75fe14`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/e75fe14), [`eb245ec`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/eb245ec)) - fix(ios): [CB-12922](https://issues.apache.org/jira/browse/CB-12922) (ios): fix In-app browser does not cede control ([#​272](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/272)) ([`dac06aa`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/dac06aa), [`9cc7f69`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/9cc7f69)) - fix(android): [CB-14061](https://issues.apache.org/jira/browse/CB-14061): (android) comply with RFC 3986 for custom URL scheme handling ([#​269](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/269)) ([`f57ede9`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/f57ede9), [`26cf6e4`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/26cf6e4)) - fix(android): [CB-14048](https://issues.apache.org/jira/browse/CB-14048): (android) allowedSchemes check empty string fix ([#​268](https://togithub.com/apache/cordova-plugin-inappbrowser/issues/268)) ([`57eda78`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/57eda78), [`33aff11`](https://togithub.com/apache/cordova-plugin-inappbrowser/commit/33aff11))

Renovate configuration

:date: Schedule: "" (UTC).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.