Changelog
*Sourced from [secure_headers's changelog](https://github.com/twitter/secure_headers/blob/v5.2.0/CHANGELOG.md).*
> ## 5.2.0
>
> Fixes newline injection issue
>
> ## 5.1.0
>
> Fixes semicolon injection issue reported by [@mvgijssel](https://github.com/mvgijssel) see [twitter/secure_headers#418](https://github-redirect.dependabot.com/twitter/secure_headers/issues/418)
>
> ## 5.0.5
>
> A release to deprecate `SecureHeaders::Configuration#get` in prep for 6.x
>
> ## 5.0.4
>
> - Adds support for `nonced_stylesheet_pack_tag` [#373](https://github-redirect.dependabot.com/twitter/secureheaders/issues/373) ([@paulfri](https://github.com/paulfri))
>
> ## 5.0.3
>
> - Add nonced versions of Rails link/include tags [#372](https://github-redirect.dependabot.com/twitter/secureheaders/issues/372) ([@steveh](https://github.com/steveh))
>
> ## 5.0.2
>
> - Updates `Referrer-Policy` header to support multiple policy values
Commits
- [`14d72d7`](https://github.com/twitter/secure_headers/commit/14d72d78aa2a9593f601543d19057b38f78825f3) bump to 5.2.0
- [`74b2e60`](https://github.com/twitter/secure_headers/commit/74b2e60cd41d0c8975cde5ca7fea339e85a0f7d3) Merge pull request from GHSA-w978-rmpf-qmwg
- [`40e45a1`](https://github.com/twitter/secure_headers/commit/40e45a1a69362f8839d34e0fe16a5750330f4c5f) bump to 5.1
- [`936a160`](https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3) Merge pull request [#421](https://github-redirect.dependabot.com/twitter/secureheaders/issues/421) from twitter/escape-semi-colons-5.x
- [`f950507`](https://github.com/twitter/secure_headers/commit/f9505072b7b9f4b072b88823b39424191a5be92c) Merge branch 'escape-semi-colons-5.x' of github.com:twitter/secure_headers in...
- [`ca01ecf`](https://github.com/twitter/secure_headers/commit/ca01ecfbf62406e3a66d57c7a441e80676d0a929) pin to legacy robocop
- [`c140809`](https://github.com/twitter/secure_headers/commit/c140809dd2f7b7194d38b4204fb828c91f3c4f10) Update .travis.yml
- [`e4075d5`](https://github.com/twitter/secure_headers/commit/e4075d5a4233b2c0e85489007bccbdf06d348980) escape semicolons by replacing them with spaces
- [`fcafc9b`](https://github.com/twitter/secure_headers/commit/fcafc9b48c8d096ddd60083f9b863a5f8c1486ce) Merge branch '5.x' into escape-semi-colons-5.x
- [`590522c`](https://github.com/twitter/secure_headers/commit/590522c96e157b3a6752a85843e09ce39b3d1bfe) remove ancient versions
- Additional commits viewable in [compare view](https://github.com/twitter/secureheaders/compare/v5.0.1...v5.2.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/noisebridge/donate.noisebridge.net/network/alerts).
Bumps secure_headers from 5.0.1 to 5.2.0.
Changelog
*Sourced from [secure_headers's changelog](https://github.com/twitter/secure_headers/blob/v5.2.0/CHANGELOG.md).* > ## 5.2.0 > > Fixes newline injection issue > > ## 5.1.0 > > Fixes semicolon injection issue reported by [@mvgijssel](https://github.com/mvgijssel) see [twitter/secure_headers#418](https://github-redirect.dependabot.com/twitter/secure_headers/issues/418) > > ## 5.0.5 > > A release to deprecate `SecureHeaders::Configuration#get` in prep for 6.x > > ## 5.0.4 > > - Adds support for `nonced_stylesheet_pack_tag` [#373](https://github-redirect.dependabot.com/twitter/secureheaders/issues/373) ([@paulfri](https://github.com/paulfri)) > > ## 5.0.3 > > - Add nonced versions of Rails link/include tags [#372](https://github-redirect.dependabot.com/twitter/secureheaders/issues/372) ([@steveh](https://github.com/steveh)) > > ## 5.0.2 > > - Updates `Referrer-Policy` header to support multiple policy valuesCommits
- [`14d72d7`](https://github.com/twitter/secure_headers/commit/14d72d78aa2a9593f601543d19057b38f78825f3) bump to 5.2.0 - [`74b2e60`](https://github.com/twitter/secure_headers/commit/74b2e60cd41d0c8975cde5ca7fea339e85a0f7d3) Merge pull request from GHSA-w978-rmpf-qmwg - [`40e45a1`](https://github.com/twitter/secure_headers/commit/40e45a1a69362f8839d34e0fe16a5750330f4c5f) bump to 5.1 - [`936a160`](https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3) Merge pull request [#421](https://github-redirect.dependabot.com/twitter/secureheaders/issues/421) from twitter/escape-semi-colons-5.x - [`f950507`](https://github.com/twitter/secure_headers/commit/f9505072b7b9f4b072b88823b39424191a5be92c) Merge branch 'escape-semi-colons-5.x' of github.com:twitter/secure_headers in... - [`ca01ecf`](https://github.com/twitter/secure_headers/commit/ca01ecfbf62406e3a66d57c7a441e80676d0a929) pin to legacy robocop - [`c140809`](https://github.com/twitter/secure_headers/commit/c140809dd2f7b7194d38b4204fb828c91f3c4f10) Update .travis.yml - [`e4075d5`](https://github.com/twitter/secure_headers/commit/e4075d5a4233b2c0e85489007bccbdf06d348980) escape semicolons by replacing them with spaces - [`fcafc9b`](https://github.com/twitter/secure_headers/commit/fcafc9b48c8d096ddd60083f9b863a5f8c1486ce) Merge branch '5.x' into escape-semi-colons-5.x - [`590522c`](https://github.com/twitter/secure_headers/commit/590522c96e157b3a6752a85843e09ce39b3d1bfe) remove ancient versions - Additional commits viewable in [compare view](https://github.com/twitter/secureheaders/compare/v5.0.1...v5.2.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/noisebridge/donate.noisebridge.net/network/alerts).