Closed depfu[bot] closed 6 months ago
Hey! Changelogs info seems to be missing or might be in incorrect format. Please use the below template in PR description to ensure Changelogg can detect your changes:
```
- (tag) changelog_text
```
or
```
- tag: changelog_text
```
**OR**
You can also add the tag in the PR header or in a commit message:
```
(tag) PR header
```
or
```
tag: PR header
```
Valid tags: **added** / **feat**, **changed**, **deprecated**, **fixed** / **fix**, **removed**, **security**, **build**, **ci**, **chore**, **docs**, **perf**, **refactor**, **revert**, **style**, **test**
Thanks!
For more info, check out [changelogg docs](https://docs.changelogg.io/)
Unable to locate .performanceTestingBot config file
This PR has 28 quantified lines of changes. In general, a change size of up to 200 lines is ideal for the best PR experience!
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
The software writes data past the end, or before the beginning, of the intended buffer.
The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
XML injection is a vulnerability affecting the handling of XML documents used by an application. If an application uses unsafe inputs as part of an XML document, it may result in corrupted XML that changes the behaviour of application components that use the modified document. Where XML documents are accepted by an application, it may allow information disclosure, denial of service or unauthorised file access if certain XML processing is permitted.
XPath injection is a vulnerability that arises when unsafe input is used in the construction of XPath query strings. Since XPath does not allow for data manipulation, exploiting an XPath injection vulnerability cannot result in unauthorised modification of the target XML document. However, depending on how the application uses the result of an XPath query, it may affect subsequent processing and allow unauthorised access to data or application functionality.
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer.
Also referred to as Heap buffer overflows. Memory buffers, arrays and strings allocated from the heap are prime candidates for this type of overflow vulnerability.
Dereferencing a null pointer (address 0) usually leads to program termination, so an attacker who can trigger the dereference can cause a Denial of Service (DoS).
Integer overflow occurs when the result of an arithmetic operation is greater than the maximum value the integer data type can store. For example, if an integer data type allows integers up to two bytes or 16 bits in length (an unsigned value up to decimal 65,535), and two integers whose sum exceeds 65,535 are added together, the result is an integer overflow.
Dereferencing pointers to objects that have already been freed opens the door to execution of arbitrary code. Attackers may be able to insert instructions at the freed memory location in order to trigger the exploit when the pointer is used after the memory has been freed.
This vulnerability refers to the insecure transport of sensitive data between two parties. This typically takes the form of HTTP transport for web applications, or other plain-text protocols when working with other types of applications.
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Denial of Service (DoS) attacks caused by a regular expression: a well-crafted input sent by an attacker causes the system to hang or to work very slowly, because the matching time grows exponentially with the input size. Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in a direct impact on availability.
The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service
Server-Side Request Forgery (SSRF) vulnerabilities arise when an attacker can supply or modify a URL that the server reads from or sends data to. The attacker crafts a malicious request with a manipulated URL; when this request reaches the server, the server-side code fetches the attacker's URL, allowing the attacker to read data from services that should not be exposed.
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture into one focused on producing secure code.
Denial of Service on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Pull request analysis by VIZIPI
Below you will find who is the most qualified team member to review your code. This analysis includes their work on the code included in this pull request, in addition to their experience in code affected by these changes (partly found within the list of potential missing files below). Feedback always welcome.
| Match % | Person | Commit Count | Common Files |
|---|---|---|---|
| 100.00 % | reedhhw | 2 | 1 |
No commonly committed files found with a 40% threshold
99.13%
[Gemfile.lock] Closing because this update has already been applied
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ html-proofer (3.17.4 → 3.19.4) · Repo · Changelog
Release Notes
3.19.0
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ addressable (indirect, 2.7.0 → 2.8.0) · Repo · Changelog
Security Advisories 🚨
🚨 Regular Expression Denial of Service in Addressable templates
Release Notes
2.8.0 (from changelog)
↗️ ethon (indirect, 0.12.0 → 0.15.0) · Repo · Changelog
Release Notes
0.15.0 (from changelog)
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ ffi (indirect, 1.13.1 → 1.15.5) · Repo · Changelog
Release Notes
1.15.5 (from changelog)
1.15.4 (from changelog)
1.15.3 (from changelog)
1.15.2 (from changelog)
1.15.1 (from changelog)
1.15.0 (from changelog)
1.14.2 (from changelog)
1.14.1 (from changelog)
1.14.0 (from changelog)
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ mini_portile2 (indirect, 2.4.0 → 2.8.0) · Repo · Changelog
Release Notes
2.8.0
2.7.1
2.7.0
2.6.1
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ nokogiri (indirect, 1.10.10 → 1.13.6) · Repo · Changelog
Security Advisories 🚨
🚨 Improper Handling of Unexpected Data Type in Nokogiri
🚨 Integer Overflow or Wraparound in libxml2 affects Nokogiri
🚨 Denial of Service (DoS) in Nokogiri on JRuby
🚨 Inefficient Regular Expression Complexity in Nokogiri
🚨 Out-of-bounds Write in zlib affects Nokogiri
🚨 XML Injection in Xerces Java affects Nokogiri
🚨 Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
🚨 Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
🚨 Update packaged dependency libxml2 from 2.9.10 to 2.9.12
🚨 Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ parallel (indirect, 1.20.1 → 1.22.1) · Repo
Commits
See the full diff on Github. The new version differs by 36 commits:
v1.22.1
Merge pull request #322 from enumag/patch-1
Fix compilation on windows
v1.22.0
Merge pull request #317 from grosser/grosser/ractor
WIP
Merge pull request #321 from grosser/grosser/31
add ruby 3.1
Merge pull request #320 from grosser/grosser/rspec
gem update
Merge pull request #313 from grosser/grosser/flake
make test not be flaky when other ruby processes get started
Merge pull request #312 from grosser/grosser/ruby
Make sure to run test cases with target Ruby version
Merge pull request #309 from olleolleolle/patch-2
CI: use matrix.task to select Rake task
Merge pull request #308 from grosser/grosser/spec
do not run rubocop for each ruby version
v1.21.0
Add support for darwin20
fix rubocop
rubocop
Merge pull request #303 from henrich/patch-1
Avoid thousands of lsof warnings in chroot
Merge pull request #301 from pedromartinez/revert-299-patch-1
Revert "Add support for darwin20"
v1.20.2
Merge pull request #299 from pedromartinez/patch-1
Add support for darwin20
Merge pull request #295 from okuramasafumi/patch-1
Change CI badge from Travis to GitHub Actions
Merge pull request #293 from kachick/tomosan
Merge pull request #292 from kachick/follow-ruby-3
Fix Contributors link
Test against ruby 3.0
`bundle update --conservative minitest`
↗️ rainbow (indirect, 3.0.0 → 3.1.1) · Repo · Changelog
Release Notes
3.1.1 (from changelog)
3.1.0 (from changelog)
Commits
See the full diff on Github. The new version differs by 29 commits:
v3.1.1
fix: Include all lib/ files
Add screenshot of example in README
Update .travis.yml
Update .travis.yml
RuboCop: configure new 0.81.0 rules
Pin RuboCop to 0.81.0 to support Ruby 2.3
v3.1.0
v3.1.0 Changelog
(chore) Add v0.80 RuboCop cops
CI: Use JRuby 9.2.11.0
CI: Update matrix
Fix RuboCop offenses and warnings about .rubocop.yml
Gemspec: List files using Ruby
CI: Use 2.4.6, 2.5.5, 2.6.3, jruby-9.2.7.0 (#94)
Use rubocop latest, drop support for Ruby 2.1, 2.2 (#91)
CI: Allow Bundler 2, add Rubies to CI matrix (#89)
Remove specific TargetRubyVersion from .rubocop.yml (#88)
README: Add cross_out, strike to presenters docs
Add test with non-existent :color (#86)
introducing #cross_out (#84)
Simplify `wrap_with_sgr` method (#85)
Merge pull request #83 from chiting/add-hex-check
Make rubocop happy
Add hexadecimal format checking
Add unit test for non hexadecimal string
Merge pull request #81 from nicolasleger/patch-1
[CI] Test against new Ruby 2.5 and patched
Update changelog
🆕 racc (added, 1.6.0)
🗑️ nokogumbo (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.