Closed depfu[bot] closed 8 months ago
This PR has 202 quantified lines of changes. In general, a change size of up to 200 lines is ideal for the best PR experience!
Unable to locate .performanceTestingBot config file
Hey! Changelog info seems to be missing or might be in an incorrect format. Please use the template below in the PR description to ensure Changelogg can detect your changes:
```
- (tag) changelog_text
```
or
```
- tag: changelog_text
```
**OR**
You can also add the tag in the PR header or in a commit message:
```
(tag) PR header
```
or
```
tag: PR header
```
Valid tags: **added** / **feat**, **changed**, **deprecated**, **fixed** / **fix**, **removed**, **security**, **build**, **ci**, **chore**, **docs**, **perf**, **refactor**, **revert**, **style**, **test**
Thanks!
For more info, check out [changelogg docs](https://docs.changelogg.io/)
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer.
Also referred to as heap buffer overflows. Memory buffers, arrays and strings allocated from the heap are prime candidates for this type of overflow vulnerability.
Dereferencing a pointer whose value is 0 (NULL) usually leads to program termination, so an attacker who can trigger the dereference can cause a Denial of Service (DoS).
Dereferencing pointers to objects that have already been freed opens the door to execution of arbitrary code. Attackers may be able to insert instructions at the freed memory location in order to trigger the exploit when the pointer is used after the memory has been freed.
This vulnerability refers to the insecure transport of sensitive data between two parties. This typically takes the form of HTTP transport for web applications, or other plain-text protocols when working with other types of applications.
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Denial of Service (DoS) attacks caused by regular expressions that make the system hang or run very slowly when an attacker sends a well-crafted input (matching time grows exponentially with input size). Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in a direct impact on availability.
The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed for. There are many ways to make a service unavailable for legitimate users: by manipulating network packets, or by exploiting programming, logic, or resource-handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service
Server-Side Request Forgery (SSRF) vulnerabilities arise when an attacker can supply or modify a URL that the server reads from or sends data to. The attacker crafts a malicious request containing a manipulated URL; when it reaches the server, the server-side code fetches that URL, allowing the attacker to read data from services that should not be exposed.
Pull request analysis by VIZIPI
Below you will find which team member is most qualified to review your code. This analysis includes their work on the code included in this pull request, in addition to their experience in code affected by these changes (partly found within the list of potential missing files below). Feedback is always welcome.

| Match % | Person | Commit Count | Common Files |
|---|---|---|---|
| 100.00 % | reedhhw | 2 | 1 |

No commonly committed files found with a 40% threshold.
[Gemfile.lock] Closing because this update has already been applied
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
github-pages is the direct dependency being updated; every other gem below is an indirect dependency pulled in through it. Each entry links to the gem's repository and, where available, its changelog and the full commit diff on GitHub (the new versions differ by more commits than Depfu can show inline).

| Dependency | Version change | Security advisories | Release notes |
|---|---|---|---|
| github-pages (direct) | 207 → 223 | | Too many releases to show here; view the full release notes. |
| activesupport | 6.0.3.2 → 6.0.4.4 | | 6.0.4.4, 6.0.4.3, 6.0.4.2, 6.0.4.1, 6.0.4, 6.0.3.7, 6.0.3.6, 6.0.3.5, 6.0.3.4, 6.0.3.3 (from changelog) |
| addressable | 2.7.0 → 2.8.0 | 🚨 Regular Expression Denial of Service in Addressable templates | 2.8.0 (from changelog) |
| concurrent-ruby | 1.1.7 → 1.1.9 | | 1.1.9, 1.1.8 (from changelog) |
| dnsruby | 1.61.4 → 1.61.7 | | |
| em-websocket | 0.5.1 → 0.5.3 | | |
| ethon | 0.12.0 → 0.15.0 | | 0.15.0 (from changelog) |
| execjs | 2.7.0 → 2.8.1 | | 2.8.1, 2.8.0 |
| faraday | 1.0.1 → 1.8.0 | | Too many releases to show here; view the full release notes. |
| ffi | 1.13.1 → 1.15.4 | | 1.15.4, 1.15.3, 1.15.2, 1.15.1, 1.15.0, 1.14.2, 1.14.1, 1.14.0 (from changelog) |
| github-pages-health-check | 1.16.1 → 1.17.9 | | 1.17.9, 1.17.8, 1.17.6, 1.17.2, 1.17.1, 1.17.0 |
| http_parser.rb | 0.6.0 → 0.8.0 | | |
| jekyll-feed | 0.13.0 → 0.15.1 | | 0.15.1, 0.15.0, 0.14.0 |
| jekyll-mentions | 1.5.1 → 1.6.0 | | 1.6.0 |
| jekyll-redirect-from | 0.15.0 → 0.16.0 | | 0.16.0 |
| jekyll-remote-theme | 0.4.1 → 0.4.3 | | 0.4.3, 0.4.2 |
| jekyll-seo-tag | 2.6.1 → 2.7.1 | | 2.7.1, 2.7.0 |
| jekyll-theme-architect | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-cayman | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-dinky | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-hacker | 0.1.1 → 0.2.0 | | 0.2.0, 0.1.2 |
| jekyll-theme-leap-day | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-merlot | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-midnight | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-minimal | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-modernist | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-primer | 0.5.4 → 0.6.0 | | 0.6.0 |
| jekyll-theme-slate | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-tactile | 0.1.1 → 0.2.0 | | 0.2.0 |
| jekyll-theme-time-machine | 0.1.1 → 0.2.0 | | 0.2.0 |
| jemoji | 0.11.1 → 0.12.0 | | 0.12.0 |
| kramdown | 2.3.0 → 2.3.1 | 🚨 Remote code execution in Kramdown | |
| listen | 3.2.1 → 3.7.0 | | 3.7.0, 3.6.0, 3.5.1, 3.4.0, 3.3.4, 3.3.3, 3.3.2, 3.3.1, 3.3.0 |
| mini_portile2 | 2.4.0 → 2.6.1 | | 2.6.1, 2.6.0, 2.5.3, 2.5.2, 2.5.1, 2.5.0 |
| minitest | 5.14.2 → 5.15.0 | | 5.15.0, 5.14.4, 5.14.3 (from changelog) |
| nokogiri | 1.10.10 → 1.12.5 | 🚨 Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby; 🚨 Update packaged dependency libxml2 from 2.9.10 to 2.9.12; 🚨 Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability | Too many releases to show here; view the full release notes. |
| octokit | 4.18.0 → 4.21.0 | | 4.21.0, 4.20.0, 4.19.0 |
| public_suffix | 3.1.1 → 4.0.6 | | 4.0.6, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0 (from changelog) |
| rb-fsevent | 0.10.4 → 0.11.0 | | 0.11.0 |
| rexml | 3.2.4 → 3.2.5 | 🚨 XML round-trip vulnerability in REXML | 3.2.5 (from changelog) |
| rouge | 3.19.0 → 3.26.0 | | 3.26.0, 3.25.0, 3.24.0, 3.23.0, 3.22.0, 3.21.0, 3.20.0 |
| ruby-enum | 0.8.0 → 0.9.0 | | 0.9.0 (from changelog) |
| rubyzip | 2.3.0 → 2.3.2 | | 2.3.2 (from changelog), 2.3.1 |
| simpleidn | 0.1.1 → 0.2.1 | | |
| tzinfo | 1.2.7 → 1.2.9 | | 1.2.9, 1.2.8 |
| unf_ext | 0.0.7.7 → 0.0.8 | | 0.0.8 (from changelog) |
| unicode-display_width | 1.7.0 → 1.8.0 | | 1.8.0 (from changelog) |
| zeitwerk | 2.4.0 → 2.5.3 | | 2.5.3, 2.5.1, 2.5.0, 2.4.2, 2.4.1 (from changelog) |

Newly added gems:
🆕 faraday-em_http (added, 1.0.0)
🆕 faraday-em_synchrony (added, 1.0.0)
🆕 faraday-excon (added, 1.1.0)
🆕 faraday-httpclient (added, 1.0.1)
🆕 faraday-net_http (added, 1.0.1)
🆕 faraday-net_http_persistent (added, 1.2.0)
🆕 faraday-patron (added, 1.0.0)
🆕 faraday-rack (added, 1.0.0)
🆕 jekyll-include-cache (added, 0.2.1)
🆕 racc (added, 1.6.0)
🆕 ruby2_keywords (added, 0.0.5)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.