search

alphagov / datagovuk-tech-docs

This repo contains the tech docs for data.gov.uk
https://guidance.data.gov.uk/
17 stars 9 forks source link

Bump govuk_tech_docs from 3.3.0 to 3.4.0 #119

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 1 year ago

Bumps govuk_tech_docs from 3.3.0 to 3.4.0.

Release notes

Sourced from govuk_tech_docs's releases.

Release v3.3.1

Fix

This change solves a potential security issue with HTML snippets. Pages indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, making it possible to render arbitrary HTML or run arbitrary scripts.

You can see more detail about this issue at #323: Fix XSS vulnerability on search results page

Changelog

Sourced from govuk_tech_docs's changelog.

3.4.0

New features

  • Footer and header links now work with relative links. Thanks to @​eddgrant for contributing this feature.

    See [pull request #325: Support sites deployed on a path other than "/" when generating header and footer links](alphagov/tech-docs-gem#325) for more details.

Fixes

3.3.1

This change solves a potential security issue with HTML snippets. Pages indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, making it possible to render arbitrary HTML or run arbitrary scripts.

You can see more detail about this issue at #323: Fix XSS vulnerability on search results page

Commits
  • 207bcb8 Merge pull request #332 from alphagov/ldeb-release-3.4.0
  • 7e56154 Release v3.4.0
  • 17340a4 Update changelog
  • da78007 Merge pull request #325 from hmrc/fix-header-and-footer-links-when-generating...
  • 4ae3ea6 Merge pull request #330 from alphagov/ldeb-fix-publish-workflow
  • 7e16828 TRG-668: Support sites deployed on a path other than "/" when generating head...
  • 3bc4b87 Add ruby-version to publish workflow
  • ac1d5b6 Replace set-ouput with environment files
  • 467f590 Bump checkout action from v2 to v3
  • 000b495 Merge pull request #328 from alphagov/ldeb-support-ruby-3.x
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 7 months ago

Superseded by #130.