🚨 [security] Update github-pages: 207 → 213 (major)

depfu[bot] commented 3 years ago

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ github-pages (207 → 213) · Repo

Release Notes

208

Does any of this look wrong? Please let us know.

Sorry, we couldn't find anything useful about this release.

↗️ activesupport (indirect, 6.0.3.2 → 6.0.3.6) · Repo · Changelog

Release Notes

6.0.3.6 (from changelog)

6.0.3.5 (from changelog)

6.0.3.4 (from changelog)

6.0.3.3 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ concurrent-ruby (indirect, 1.1.7 → 1.1.8) · Repo · Changelog

Release Notes

1.1.8 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ dnsruby (indirect, 1.61.4 → 1.61.5) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ em-websocket (indirect, 0.5.1 → 0.5.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ faraday (indirect, 1.0.1 → 1.3.0) · Repo · Changelog

Release Notes

1.1.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ffi (indirect, 1.13.1 → 1.15.0) · Repo · Changelog

Release Notes

1.15.0 (from changelog)

1.14.2 (from changelog)

1.14.1 (from changelog)

1.14.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ github-pages-health-check (indirect, 1.16.1 → 1.17.0) · Repo

Release Notes

1.17.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-feed (indirect, 0.13.0 → 0.15.1) · Repo · Changelog

Release Notes

0.14.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-mentions (indirect, 1.5.1 → 1.6.0) · Repo · Changelog

Release Notes

1.6.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-redirect-from (indirect, 0.15.0 → 0.16.0) · Repo · Changelog

Release Notes

0.16.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-remote-theme (indirect, 0.4.1 → 0.4.3) · Repo

Release Notes

0.4.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-seo-tag (indirect, 2.6.1 → 2.7.1) · Repo · Changelog

Release Notes

2.7.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jekyll-theme-hacker (indirect, 0.1.1 → 0.1.2) · Repo

Release Notes

0.1.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ jemoji (indirect, 0.11.1 → 0.12.0) · Repo · Changelog

Release Notes

0.12.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ listen (indirect, 3.2.1 → 3.5.0) · Repo · Changelog

Release Notes

3.3.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mini_portile2 (indirect, 2.4.0 → 2.5.0) · Repo · Changelog

Release Notes

2.5.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ minitest (indirect, 5.14.2 → 5.14.4) · Repo · Changelog

Release Notes

5.14.4 (from changelog)

5.14.3 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.10.10 → 1.11.2) · Repo · Changelog

Security Advisories 🚨

🚨 Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability

Release Notes

1.11.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ octokit (indirect, 4.18.0 → 4.20.0) · Repo

Release Notes

4.19.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ public_suffix (indirect, 3.1.1 → 4.0.6) · Repo · Changelog

Release Notes

4.0.6 (from changelog)

4.0.5 (from changelog)

4.0.4 (from changelog)

4.0.3 (from changelog)

4.0.2 (from changelog)

4.0.1 (from changelog)

4.0.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rouge (indirect, 3.19.0 → 3.26.0) · Repo · Changelog

Release Notes

3.20.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ruby-enum (indirect, 0.8.0 → 0.9.0) · Repo · Changelog

Release Notes

0.9.0 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ simpleidn (indirect, 0.1.1 → 0.2.1) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ tzinfo (indirect, 1.2.7 → 1.2.9) · Repo · Changelog

Release Notes

1.2.8

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ zeitwerk (indirect, 2.4.0 → 2.4.2) · Repo · Changelog

Release Notes

2.4.2 (from changelog)

2.4.1 (from changelog)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 faraday-net_http (added, 1.0.1)

🆕 racc (added, 1.5.2)

🆕 ruby2_keywords (added, 0.0.4)

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

changelogg[bot] commented 3 years ago

Hey! Changelogs info seems to be missing or might be in incorrect format. Please use the below template in PR description to ensure Changelogg can detect your changes:

    - (tag) changelog_text

or
```
- tag: changelog_text
```
**OR**
You can add tag in PR header or while doing a commit too
```    
(tag) PR header
```
or
```
tag: PR header
```
Valid tags: **added** / **feat**, **changed**, **deprecated**, **fixed** / **fix**, **removed**, **security**, **build**, **ci**, **chore**, **docs**, **perf**, **refactor**, **revert**, **style**, **test**
Thanks!
For more info, check out [changelogg docs](https://docs.changelogg.io/)

performance-testing-bot[bot] commented 3 years ago

Unable to locate .performanceTestingBot config file

secure-code-warrior-for-github[bot] commented 3 years ago

Micro-Learning Topic: XXE (Detected by phrase)

What is this? (2min video)

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Try this challenge in Secure Code Warrior

Micro-Learning Topic: SSRF (Detected by phrase)

What is this? (2min video)

Server-Side Request Forgery (SSRF) vulnerabilities are caused when an attacker can supply or modify a URL that reads or sends data to the server. The attacker can create a malicious request with a manipulated URL, when this request reaches the server, the server-side code executes the exploit URL causing the attacker to be able to read data from services that shouldn't be exposed.

Try this challenge in Secure Code Warrior

squash-labs[bot] commented 3 years ago

Manage this branch in Squash

Test this branch here: https://depfuupdategithub-pages-213-ut8uz.squash.io

vizipi[bot] commented 3 years ago

Pull request analysis by VIZIPI

Below you will find who is the most qualified team member to review your code. This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes ( partly found within the list of potential missing files below ) Feedback always welcome

Reviewers with knowledge related to these changes

Match %	Person	Commit Count	Common Files
100.00 %	reedhhw	2	1

Potential missing files from this Pull request

No commonly committed files found with a 40% threashold

Committed file ranks

(click to expand)

99.13%[Gemfile.lock]

depfu[bot] commented 8 months ago

Closing because this update has already been applied

reedhhw / github-slideshow