Closed depfu[bot] closed 3 years ago
Hey! Changelogs info seems to be missing or might be in incorrect format. Please use the below template in PR description to ensure Changelogg can detect your changes:
```
- (tag) changelog_text
```
or
```
- tag: changelog_text
```
**OR**
You can add tag in PR header or while doing a commit too
```
(tag) PR header
```
or
```
tag: PR header
```
Valid tags: **added** / **feat**, **changed**, **deprecated**, **fixed** / **fix**, **removed**, **security**, **build**, **ci**, **chore**, **docs**, **perf**, **refactor**, **revert**, **style**, **test**
Thanks!
For more info, check out [changelogg docs](https://docs.changelogg.io/)
Unable to locate .performanceTestingBot config file
Similar files are
This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer.
Also referred to as Heap buffer overflows. Memory buffers, arrays and strings allocated from the heap are prime candidates for this type of overflow vulnerability.
Dereferencing a pointer value of 0 (Null) usually leads to program termination. Exploiters of this vulnerability can cause a Denial of Service (DoS).
Dereferencing pointers to objects that have already been freed opens the door to execution of arbitrary code. Attackers may be able to insert instructions at the freed memory location in order to trigger the exploit when the pointer is used after the memory has been freed.
This vulnerability refers to the insecure transport of sensitive data between two parties. This typically takes the form of HTTP transport for web applications, or other plain-text protocols when working with other types of applications.
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service
Server-Side Request Forgery (SSRF) vulnerabilities are caused when an attacker can supply or modify a URL that reads or sends data to the server. The attacker can create a malicious request with a manipulated URL; when this request reaches the server, the server-side code executes the exploit URL, causing the attacker to be able to read data from services that shouldn't be exposed.
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.
Pull request analysis by VIZIPI
Below you will find who is the most qualified team member to review your code. This analysis includes his/her work on the code included in this pull request, in addition to their experience in code affected by these changes (partly found within the list of potential missing files below). Feedback always welcome.

| Match % | Person | Commit Count | Common Files |
|---|---|---|---|
| 100.00 % | reedhhw | 2 | 1 |

No commonly committed files found with a 40% threshold
[Gemfile.lock] Closed in favor of #1433.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
↗️ nokogiri (indirect, 1.10.10 → 1.11.5) · Repo · Changelog
Security Advisories 🚨
🚨 Update packaged dependency libxml2 from 2.9.10 to 2.9.12
🚨 Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Release Notes
1.11.4
1.11.3
1.11.2
1.11.1
1.11.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ mini_portile2 (indirect, 2.4.0 → 2.5.1) · Repo · Changelog
Release Notes
2.5.1
2.5.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 43 commits:
version bump to v2.5.1
fix: #execute should always emit "OK" on success
Merge pull request #100 from flavorjones/flavorjones-execute-takes-env-option
feat: #execute now accepts an optional :env hash
remove remaining traces of concourse
doc: update README with Actions status badge
Merge pull request #98 from flavorjones/flavorjones-migrate-to-github-actions
ci: remove appveyor and concourse configs
ci: set makeflags to parallelize builds
ci: skip sqlite and ares examples on windows
ci: update sqlite version in examples test
ci: separate out test:examples from test:unit
ci: config git so that newlines don't break gpg sigs
ci: add windows coverage to GA CI
test: omit options with spaces from the cmake test
dep: add webrick as a dev dep for Ruby 3.0
ci: linux CI on GA
update default branch from master to main
Merge pull request #95 from amatsuda/https
GitHub is HTTPS by default
Merge pull request #94 from larskanis/appveyor
update CHANGELOG
ci: rename pipelines to avoid concourse warnings
ci: rename pipelines to avoid concourse warnings
Fix cmake usage and related tests on Windows
Update Appveyor-CI to newer rubies
Adjust version dependencies
ci: upgrade to teliaoss/github-pr-resource
ci: remove .travis.yml
README: update badges: travis→concourse, tidelift
README: add Support section with CTA for Tidelift
Create FUNDING.yml
publishing a security reporting process
version bump to v2.5.0
update CHANGELOG
ci: ensure bundler is up-to-date
ci: ensure bundler is up-to-date
ci: update concourse, split pipelines into master and pr
rakefile: rufo formatting
gemspec: update dev dep for bundler
gemspec: rufo formatting
Merge pull request #90 from hanazuki/multiple-pubkeys
Remove all the imported pubkeys from keyring
🆕 racc (added, 1.5.2)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.

All Depfu comment commands
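The XXE mechanism described earlier on this page (an external entity reference in input reaching a weakly configured parser) is what the Nokogiri::XML::Schema advisory in this update is about. As an added example that is not code from Nokogiri or from this pull request, here is a Ruby pre-parse guard for untrusted XML; the constant names, the `UntrustedXmlError` class and the sample documents are constructed for illustration and are not part of any real API:

```ruby
# Added example (not Nokogiri's or this PR's code): a pre-parse guard for
# untrusted XML. It reports DTD usage and rejects documents that declare
# any DTD, so external entities never reach a document or schema parser.
# This complements, and does not replace, parser options such as
# Nokogiri's ParseOptions::NONET.

ENTITY_DECL  = /<!ENTITY\s+(%\s*)?([^\s>]+)\s+(SYSTEM|PUBLIC)\b/i
DOCTYPE_DECL = /<!DOCTYPE\b/i

class UntrustedXmlError < StandardError; end

# Returns { dtd:, external:, parameter: } for the raw XML text: whether a
# DOCTYPE is present, the names of general entities that reference an
# external resource, and the names of parameter entities that do so.
def xxe_risk_report(xml)
  report = { dtd: false, external: [], parameter: [] }
  return report unless xml.match?(DOCTYPE_DECL)
  report[:dtd] = true
  xml.scan(ENTITY_DECL) do |param, name, _keyword|
    (param ? report[:parameter] : report[:external]) << name
  end
  report
end

# Policy for untrusted callers: no DTD at all. Returns the text unchanged
# when acceptable; raises before any parser sees the document otherwise.
def check_untrusted_xml(xml)
  report = xxe_risk_report(xml)
  return xml unless report[:dtd]
  names = (report[:external] + report[:parameter]).join(', ')
  raise UntrustedXmlError, "DTD in untrusted XML (external entities: #{names})"
end

# Constructed sample inputs (hypothetical, for demonstration only).
BENIGN_XML = "<?xml version=\"1.0\"?><order><id>42</id></order>"
INTERNAL_DTD_XML = "<!DOCTYPE order [ <!ENTITY co \"Example Ltd\"> ]>" \
                   "<order><seller>&co;</seller></order>"
EXTERNAL_ENTITY_XML = "<!DOCTYPE order [ <!ENTITY ext SYSTEM " \
                      "\"file:///constructed/sample.txt\"> ]>" \
                      "<order><id>&ext;</id></order>"

if __FILE__ == $PROGRAM_NAME
  [BENIGN_XML, INTERNAL_DTD_XML, EXTERNAL_ENTITY_XML].each do |doc|
    puts xxe_risk_report(doc).inspect
  end
end
```

The internal-only DTD sample is still rejected by `check_untrusted_xml`, because a DTD from an untrusted source is not worth distinguishing further; the report function is there for logging and detection.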