Closed depfu[bot] closed 1 year ago
Hey! Changelogs info seems to be missing or might be in incorrect format. Please use the below template in PR description to ensure Changelogg can detect your changes:
```
- (tag) changelog_text
```
or
```
- tag: changelog_text
```
**OR**
You can also add the tag in the PR header or in a commit message:
```
(tag) PR header
```
or
```
tag: PR header
```
Valid tags: **added** / **feat**, **changed**, **deprecated**, **fixed** / **fix**, **removed**, **security**, **build**, **ci**, **chore**, **docs**, **perf**, **refactor**, **revert**, **style**, **test**
Thanks!
For more info, check out [changelogg docs](https://docs.changelogg.io/)
Unable to locate .performanceTestingBot config file
Denial of Service (DoS) attacks caused by a Regular Expression make the system hang or work very slowly when an attacker sends a well-crafted input (the matching time grows exponentially with the input size). Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in a direct impact on availability.
The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service
A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks.
Integer overflow occurs when the result of an arithmetic operation is greater than the maximum value the integer data type can store. For example, if an integer data type allows integers up to two bytes or 16 bits in length (or an unsigned number up to decimal 65,535), and two integers are added together whose sum exceeds 65,535, the result is an integer overflow.
Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).
Allocating objects or timers with user-controlled sizes or durations can cause resource exhaustion.
XML injection is a vulnerability affecting the handling of XML documents used by an application. If an application uses unsafe inputs as part of an XML document, it may result in corrupted XML that changes the behaviour of application components that use the modified document. Where XML documents are accepted by an application, it may allow information disclosure, denial of service or unauthorised file access if certain XML processing is permitted.
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
Denial of Service on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
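The path-traversal class described above is the one the tzinfo advisory in this update falls under (relative paths reaching files outside the intended directory). As an added defensive example, not code from this PR or from any of the updated gems, the Ruby below confines a user-supplied relative path to an allowed base directory before anything touches the filesystem; the base directory, function names and sample inputs are assumptions made for the illustration.

```ruby
# Added example (hypothetical names): contain a user-controlled relative
# path inside an allowed root directory. Two layers are shown: a lexical
# containment check for general paths, and a character whitelist for
# identifier-style lookups (zone names, theme names) that should never
# carry ".." or absolute components at all.

# Returns the absolute path when +user_path+ resolves inside +root+,
# otherwise nil.
def resolve_within_root(root, user_path)
  return nil unless user_path.is_a?(String)
  # "~user" would expand to a home directory (or raise for an unknown
  # user), so it is refused outright rather than expanded.
  return nil if user_path.start_with?("~")

  root = File.expand_path(root)
  # expand_path collapses "." and ".." lexically. An absolute user_path
  # ignores the base argument, and "../zoneinfo-evil" lands on a sibling
  # directory that shares the root's prefix; the separator-aware
  # start_with? check below handles both cases.
  candidate = File.expand_path(user_path, root)
  inside = candidate == root || candidate.start_with?(root + File::SEPARATOR)
  inside ? candidate : nil
end

# Stricter variant for identifier-style lookups: segments of [A-Za-z0-9_+-]
# separated by single "/", so traversal sequences are rejected before the
# filesystem layer is reached. The length cap bounds work done per request.
IDENTIFIER_RE = %r{\A[A-Za-z0-9_+\-]+(?:/[A-Za-z0-9_+\-]+)*\z}

def valid_identifier?(name)
  name.is_a?(String) && name.bytesize <= 256 && IDENTIFIER_RE.match?(name)
end

# Combined lookup: whitelist first, then containment as defence in depth.
def load_zone_path(root, name)
  return nil unless valid_identifier?(name)
  resolve_within_root(root, name)
end

if __FILE__ == $PROGRAM_NAME
  root = "/srv/app/zoneinfo" # hypothetical data directory
  ["Europe/London", "../../etc/passwd", "/etc/passwd",
   "Europe/../../x", "../zoneinfo-evil/x", "~root/.ssh"].each do |p|
    puts "#{p.inspect} => #{load_zone_path(root, p).inspect}"
  end
end
```

The containment check is purely lexical: `File.expand_path` does not follow symlinks, so when the target must already exist, resolve it with `File.realpath` and apply the same prefix comparison to the result.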
This PR has 242 quantified lines of changes. In general, a change size of up to 200 lines is ideal for the best PR experience!
Pull request analysis by VIZIPI
Below you will find who is the most qualified team member to review your code. This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes (partly found within the list of potential missing files below). Feedback always welcome.
Match % | Person | Commit Count | Common Files |
---|---|---|---|
100.00 % | reedhhw | 2 | 1 |
No commonly committed files found with a 40% threshold
99.13% [Gemfile.lock]
Closed in favor of #1487.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
↗️ commonmarker (indirect, 0.17.13 → 0.23.8) · Repo · Changelog
Security Advisories 🚨
🚨 Several quadratic complexity bugs may lead to denial of service in Commonmarker
🚨 Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
🚨 Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Release Notes
0.23.8
0.23.7
0.23.6
0.22.0
0.21.0
0.19.0
0.18.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ github-pages (207 → 228) · Repo
Release Notes
Too many releases to show here. View the full release notes.
Sorry, we couldn't find anything useful about this release.
↗️ activesupport (indirect, 6.0.3.2 → 7.0.4.2) · Repo · Changelog
Security Advisories 🚨
🚨 ReDoS based DoS vulnerability in Active Support’s underscore
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ addressable (indirect, 2.7.0 → 2.8.1) · Repo · Changelog
Security Advisories 🚨
🚨 Regular Expression Denial of Service in Addressable templates
Release Notes
2.8.1 (from changelog)
2.8.0 (from changelog)
Does any of this look wrong? Please let us know.
↗️ concurrent-ruby (indirect, 1.1.7 → 1.2.0) · Repo · Changelog
Release Notes
1.2.0
1.1.10
1.1.9 (from changelog)
1.1.8 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ dnsruby (indirect, 1.61.4 → 1.61.9) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ em-websocket (indirect, 0.5.1 → 0.5.3) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ ethon (indirect, 0.12.0 → 0.16.0) · Repo · Changelog
Release Notes
0.15.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ execjs (indirect, 2.7.0 → 2.8.1) · Repo
Release Notes
2.8.1
2.8.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ faraday (indirect, 1.0.1 → 2.7.4) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ ffi (indirect, 1.13.1 → 1.15.5) · Repo · Changelog
Release Notes
1.15.5 (from changelog)
1.15.4 (from changelog)
1.15.3 (from changelog)
1.15.2 (from changelog)
1.15.1 (from changelog)
1.15.0 (from changelog)
1.14.2 (from changelog)
1.14.1 (from changelog)
1.14.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ github-pages-health-check (indirect, 1.16.1 → 1.17.9) · Repo
Release Notes
1.17.9
1.17.8
1.17.6
1.17.2
1.17.1
1.17.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ html-pipeline (indirect, 2.14.0 → 2.14.3) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ http_parser.rb (indirect, 0.6.0 → 0.8.0) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ i18n (indirect, 0.9.5 → 1.12.0) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll (indirect, 3.9.0 → 3.9.3) · Repo · Changelog
Release Notes
3.9.3
3.9.2
3.9.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-commonmark (indirect, 1.3.1 → 1.4.0) · Repo · Changelog
Release Notes
1.4.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-commonmark-ghpages (indirect, 0.1.6 → 0.4.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Sorry, we couldn't find anything useful about this release.
↗️ jekyll-feed (indirect, 0.13.0 → 0.15.1) · Repo · Changelog
Release Notes
0.15.1
0.15.0
0.14.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-mentions (indirect, 1.5.1 → 1.6.0) · Repo · Changelog
Release Notes
1.6.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-redirect-from (indirect, 0.15.0 → 0.16.0) · Repo · Changelog
Release Notes
0.16.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-remote-theme (indirect, 0.4.1 → 0.4.3) · Repo
Release Notes
0.4.3
0.4.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-seo-tag (indirect, 2.6.1 → 2.8.0) · Repo · Changelog
Release Notes
2.8.0
2.7.1
2.7.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-architect (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-cayman (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-dinky (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-hacker (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
0.1.2
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-leap-day (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-merlot (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-midnight (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-minimal (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-modernist (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-primer (indirect, 0.5.4 → 0.6.0) · Repo
Release Notes
0.6.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-slate (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-tactile (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jekyll-theme-time-machine (indirect, 0.1.1 → 0.2.0) · Repo
Release Notes
0.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ jemoji (indirect, 0.11.1 → 0.12.0) · Repo · Changelog
Release Notes
0.12.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ kramdown (indirect, 2.3.0 → 2.3.2) · Repo · Changelog
Security Advisories 🚨
🚨 Remote code execution in Kramdown
↗️ liquid (indirect, 4.0.3 → 4.0.4) · Repo · Changelog
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ listen (indirect, 3.2.1 → 3.8.0) · Repo · Changelog
Release Notes
3.8.0
3.7.1
3.7.0
3.6.0
3.5.1
3.4.0
3.3.4
3.3.3
3.3.2
3.3.1
3.3.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ mini_portile2 (indirect, 2.4.0 → 2.8.1) · Repo · Changelog
Release Notes
2.8.1
2.8.0
2.7.1
2.7.0
2.6.1
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ minitest (indirect, 5.14.2 → 5.17.0) · Repo · Changelog
Release Notes
5.17.0 (from changelog)
5.16.3 (from changelog)
5.16.2 (from changelog)
5.16.1 (from changelog)
5.16.0 (from changelog)
5.15.0 (from changelog)
5.14.4 (from changelog)
5.14.3 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ nokogiri (indirect, 1.10.10 → 1.14.1) · Repo · Changelog
Security Advisories 🚨
🚨 Unchecked return value from xmlTextReaderExpand
🚨 Improper Handling of Unexpected Data Type in Nokogiri
🚨 Integer Overflow or Wraparound in libxml2 affects Nokogiri
🚨 Denial of Service (DoS) in Nokogiri on JRuby
🚨 Inefficient Regular Expression Complexity in Nokogiri
🚨 Out-of-bounds Write in zlib affects Nokogiri
🚨 XML Injection in Xerces Java affects Nokogiri
🚨 Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
🚨 Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
🚨 Update packaged dependency libxml2 from 2.9.10 to 2.9.12
🚨 Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ octokit (indirect, 4.18.0 → 4.25.1) · Repo · Changelog
Security Advisories 🚨
🚨 Octokit gem published with world-writable files
Release Notes
4.25.1
4.25.0
4.24.0
4.23.0
4.22.0
4.21.0
4.20.0
4.19.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ public_suffix (indirect, 3.1.1 → 4.0.7) · Repo · Changelog
Release Notes
4.0.7 (from changelog)
4.0.6 (from changelog)
4.0.5 (from changelog)
4.0.4 (from changelog)
4.0.3 (from changelog)
4.0.2 (from changelog)
4.0.1 (from changelog)
4.0.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ rb-fsevent (indirect, 0.10.4 → 0.11.2) · Repo
Release Notes
0.11.2
0.11.1
0.11.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ rexml (indirect, 3.2.4 → 3.2.5) · Repo · Changelog
Security Advisories 🚨
🚨 XML round-trip vulnerability in REXML
Release Notes
3.2.5 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ rouge (indirect, 3.19.0 → 3.26.0) · Repo · Changelog
Release Notes
3.26.0
3.25.0
3.24.0
3.23.0
3.22.0
3.21.0
3.20.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ rubyzip (indirect, 2.3.0 → 2.3.2) · Repo · Changelog
Release Notes
2.3.2 (from changelog)
2.3.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ sawyer (indirect, 0.8.2 → 0.9.2) · Repo
Release Notes
0.9.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ simpleidn (indirect, 0.1.1 → 0.2.1) · Repo
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ tzinfo (indirect, 1.2.7 → 2.0.6) · Repo · Changelog
Security Advisories 🚨
🚨 TZInfo relative path traversal vulnerability allows loading of arbitrary files
Release Notes
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.2.11
1.2.10
1.2.9
1.2.8
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ unf_ext (indirect, 0.0.7.7 → 0.0.8.2) · Repo · Changelog
Release Notes
0.0.8.2 (from changelog)
0.0.8.1 (from changelog)
0.0.8 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
↗️ unicode-display_width (indirect, 1.7.0 → 1.8.0) · Repo · Changelog
Release Notes
1.8.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
🆕 faraday-net_http (added, 3.0.2)
🆕 jekyll-include-cache (added, 0.2.1)
🆕 racc (added, 1.6.2)
🆕 ruby2_keywords (added, 0.0.5)
🗑️ multipart-post (removed)
🗑️ ruby-enum (removed)
🗑️ thread_safe (removed)
🗑️ zeitwerk (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with `@depfu rebase`.
All Depfu comment commands