Changelog
*Sourced from [rest-client's changelog](https://github.com/rest-client/rest-client/blob/master/history.md).*
> # 1.8.0
>
> - Security: implement standards compliant cookie handling by adding a
> dependency on http-cookie. This breaks compatibility, but was necessary to
> address a session fixation / cookie disclosure vulnerability.
> ([#369](https://github-redirect.dependabot.com/rest-client/rest-client/issues/369) / CVE-2015-1820)
>
> Previously, any Set-Cookie headers found in an HTTP 30x response would be
> sent to the redirection target, regardless of domain. Responses now expose a
> cookie jar and respect standards compliant domain / path flags in Set-Cookie
> headers.
Commits
- [`92bc04d`](https://github.com/rest-client/rest-client/commit/92bc04d18499eb20481ee3e3660e382fc377a430) Version 1.8.0
- [`2038aa6`](https://github.com/rest-client/rest-client/commit/2038aa6fc5e9c0ec0ae492b31354b9b474c44c12) Add history notes for 1.8.0.
- [`d2b6247`](https://github.com/rest-client/rest-client/commit/d2b624702b89141eb55d2ca4ee909e2bf243f739) Update version spec test.
- [`07e5aff`](https://github.com/rest-client/rest-client/commit/07e5aff5ccce20465aa9ba87572a13e1425e8ac5) Version 1.8.0.rc1
- [`f468c5f`](https://github.com/rest-client/rest-client/commit/f468c5f078166605d9fd392a0a22d4b929caf709) Merge pull request [#365](https://github-redirect.dependabot.com/rest-client/rest-client/issues/365) from rest-client/ab-cookies
- [`c215b22`](https://github.com/rest-client/rest-client/commit/c215b22bdbcb988dcc40117ff45432b0db25175b) Fix up cookie redirect functionality and tests.
- [`12e9231`](https://github.com/rest-client/rest-client/commit/12e92312b97fce97d9d7fb3577beff5ac0c05fba) Add cookie jar for handling HTTP redirection.
- [`37d92c0`](https://github.com/rest-client/rest-client/commit/37d92c0a64ad656bfde11745293b5de7dccafb9b) Add dependency on http-cookie gem.
- See full diff in [compare view](https://github.com/rest-client/rest-client/compare/v1.7.3...v1.8.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/couchbaselabs/intrapop/network/alerts).
Bumps rest-client from 1.7.3 to 1.8.0.
Changelog
*Sourced from [rest-client's changelog](https://github.com/rest-client/rest-client/blob/master/history.md).* > # 1.8.0 > > - Security: implement standards compliant cookie handling by adding a > dependency on http-cookie. This breaks compatibility, but was necessary to > address a session fixation / cookie disclosure vulnerability. > ([#369](https://github-redirect.dependabot.com/rest-client/rest-client/issues/369) / CVE-2015-1820) > > Previously, any Set-Cookie headers found in an HTTP 30x response would be > sent to the redirection target, regardless of domain. Responses now expose a > cookie jar and respect standards compliant domain / path flags in Set-Cookie > headers.Commits
- [`92bc04d`](https://github.com/rest-client/rest-client/commit/92bc04d18499eb20481ee3e3660e382fc377a430) Version 1.8.0 - [`2038aa6`](https://github.com/rest-client/rest-client/commit/2038aa6fc5e9c0ec0ae492b31354b9b474c44c12) Add history notes for 1.8.0. - [`d2b6247`](https://github.com/rest-client/rest-client/commit/d2b624702b89141eb55d2ca4ee909e2bf243f739) Update version spec test. - [`07e5aff`](https://github.com/rest-client/rest-client/commit/07e5aff5ccce20465aa9ba87572a13e1425e8ac5) Version 1.8.0.rc1 - [`f468c5f`](https://github.com/rest-client/rest-client/commit/f468c5f078166605d9fd392a0a22d4b929caf709) Merge pull request [#365](https://github-redirect.dependabot.com/rest-client/rest-client/issues/365) from rest-client/ab-cookies - [`c215b22`](https://github.com/rest-client/rest-client/commit/c215b22bdbcb988dcc40117ff45432b0db25175b) Fix up cookie redirect functionality and tests. - [`12e9231`](https://github.com/rest-client/rest-client/commit/12e92312b97fce97d9d7fb3577beff5ac0c05fba) Add cookie jar for handling HTTP redirection. - [`37d92c0`](https://github.com/rest-client/rest-client/commit/37d92c0a64ad656bfde11745293b5de7dccafb9b) Add dependency on http-cookie gem. - See full diff in [compare view](https://github.com/rest-client/rest-client/compare/v1.7.3...v1.8.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/couchbaselabs/intrapop/network/alerts).