⚠️ [fixing yanked version] 🚨 [security] [Gmright/Milestones/Gmright-market/Commerce/Net_holder/Blue-sky] Update octokit: 4.17.0 → 4.18.0 (minor)

[depfu[bot]]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

---

⚠️ You are using a yanked version of octokit ⚠️

We're getting an error that the version of octokit you're currently using is no longer installable, it most likely has been yanked. That means your deployment, CI build and local development setup are broken until you update octokit to a different version.

We recommend to merge this update as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

↗️ octokit (indirect, 4.17.0 → 4.18.0) · Repo

Release Notes

4.18.0

Documentation

• #1200 Fix an API link in the Search client @NickLaMuro

Preview Header Support

• #1183 Enable issue events API to return project events @gammons
• #1203 Update deprecated application API to new preview @oreoshake

Bug Fixes

• #1201 Fix random test failures @MSP-Greg
• #1218 Fix incorrect URLs for the Authorizations client @tarebyte

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 9 commits:

• Release 4.18.0
• Merge pull request #1218 from octokit/tarebyte/applications-api-oops
• Fix Enterprise mode tests
• Remove deprecated methods from the authorizations client
• Introduct new OauthApplications client
• FAIL: Add skeleton OauthApplications client and tests
• require pry-byebug in tests
• Add rubocop starter file for my sanity
• Update local dependencies

↗️ addressable (indirect, 2.7.0 → 2.8.0) · Repo · Changelog

Security Advisories 🚨

🚨 Regular Expression Denial of Service in Addressable templates

Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption,
leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input,
but nonetheless, no previous security advisory for Addressable has cautioned against doing this.
Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.

Release Notes

2.8.0 (from changelog)

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Does any of this look wrong? Please let us know.

↗️ faraday (indirect, 1.0.0 → 1.10.0) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ multipart-post (indirect, 2.1.1 → 2.2.3) · Repo · Changelog

Release Notes

2.2.3

What's Changed

• Restore compatibility back to Ruby 2.3 by @ioquatix in #95

Full Changelog: v2.2.2...v2.2.3

2.2.2

What's Changed

• Drop Ruby 2.5 or earlier by @tnir in #93

New Contributors

• @tnir made their first contribution in #93

Full Changelog: v2.2.0...v2.2.2

2.2.0

What's Changed

• Add the ability to set Content-ID header for ParamPart by @ethnt in #62
• Add note on semantic versioning to README by @jspanjers in #64
• Refactor parts into multipart post namespace by @patrickdavey in #65
• Add Patrick Davey to the copyright by @patrickdavey in #66
• CI: add 2.7 by @olleolleolle in #67
• Explain setting parts_headers in README by @Timothyjb in #68
• CI GitHub actions by @Lewiscowles1986 in #72
• parts.rb: Use a mutable string by @olleolleolle in #70
• README: Use build status badge for GitHub Actions by @olleolleolle in #74
• cleanup: Drop unused Travis CI configuration file by @olleolleolle in #73
• Frozen string for entire library by @Lewiscowles1986 in #75
• Use frozen_string_literal: true. by @ioquatix in #78
• CI: Add Ruby 3.1 to testing matrix by @olleolleolle in #80
• Add a CHANGELOG.md by @olleolleolle in #84
• README: Add syntax highlighting to examples by @olleolleolle in #83
• Allow mixed key types for parts headers by @jasonyork in #79
• Modernize gem. by @ioquatix in #85
• CHANGELOG: add #79 by @olleolleolle in #88
• Rework file structure & license header. by @ioquatix in #89
• Add faraday-multipart as external test. by @ioquatix in #90
• Add more external tests. by @ioquatix in #91

New Contributors

• @ethnt made their first contribution in #62
• @jspanjers made their first contribution in #64
• @patrickdavey made their first contribution in #65
• @Timothyjb made their first contribution in #68
• @Lewiscowles1986 made their first contribution in #72
• @ioquatix made their first contribution in #78
• @jasonyork made their first contribution in #79

Full Changelog: v2.1.1...v2.2.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 44 commits:

• Bump patch version.
• Add support for Ruby back to 2.3. (#95)
• Bump patch version.
• Bump patch version.
• Drop Ruby 2.5 or earlier (#93)
• Bump minor version.
• Modernize gem.
• Update gitignore for external directory.
• Add more external tests. (#91)
• Add faraday-multipart as external test. (#90)
• Rework file structure & license header.
• CHANGELOG: add #79
• Modernize gem.
• Update test description
• Allow mixed key types for parts headers
• README: Add syntax highlighting to examples
• Add a CHANGELOG.md
• CI: Add Ruby 3.1
• Prefer `require_relative` in gemspec.
• Use `frozen_string_literal: true`.
• Fix tests by using String.new
• Less runtime versions & Frozen string literal ENV
• cleanup: Drop unused Travis CI configuration file
• README: Use build status badge for GitHub Actions
• Delete History.txt
• parts.rb: use String.new for mutable strings
• parts.rb: Use a mutable string
• Remove OSx and Windows
• Add more OS's
• Fix version of setup-ruby
• Retry versions
• Remove versions lower than 2.4
• Port Travis yaml
• Explain setting parts_headers in README
• Tidy up license.
• CI: add 2.7
• add Patrick Davey to the copyright
• Move multipartable out into Multipart namespace
• Move CompositeReadIO into namespace
• Refactor namespaces used.
• Add rspec_status to gitignore
• Add note on semantic versioning to README
• Fix comments for ParamPart#build_part
• Add the ability to set Content-ID header for ParamPart

🆕 faraday-em_http (added, 1.0.0)

🆕 faraday-em_synchrony (added, 1.0.0)

🆕 faraday-excon (added, 1.1.0)

🆕 faraday-httpclient (added, 1.0.1)

🆕 faraday-multipart (added, 1.0.4)

🆕 faraday-net_http (added, 1.0.1)

🆕 faraday-net_http_persistent (added, 1.2.0)

🆕 faraday-patron (added, 1.0.0)

🆕 faraday-rack (added, 1.0.0)

🆕 faraday-retry (added, 1.0.3)

🆕 ruby2_keywords (added, 0.0.5)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[commit-lint[bot]]

Contributors

depfu[bot]

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR: - `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change) - `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change) - `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change) - `@Commit-Lint merge disable` will desactivate merge dependabot PR - `@Commit-Lint review` will approve dependabot PR - `@Commit-Lint stop review` will stop approve dependabot PR