reedhhw / github-slideshow

A robot powered training repository :robot:
https://lab.github.com/githubtraining/introduction-to-github
MIT License
2 stars · 0 forks

🚨 [security] Update html-proofer: 3.17.4 → 5.0.6 (major) #1483

Closed depfu[bot] closed 1 year ago

depfu[bot] commented 1 year ago

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!


Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ html-proofer (3.17.4 → 5.0.6) · Repo · Changelog

Release Notes (each entry is collapsed on the original page: "More info than we can show here.")

5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 4.4.3 (from changelog), 4.4.2 (from changelog), 4.1.0 (from changelog), 4.0.1 (from changelog), 3.19.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ github-pages (207 → 228) · Repo

Release Notes: too many releases to show here. View the full release notes.

↗️ activesupport (indirect, 6.0.3.2 → 7.0.4.3) · Repo · Changelog

Security Advisories 🚨

🚨 Possible XSS Security Vulnerability in SafeBuffer#bytesplice
🚨 Possible XSS Security Vulnerability in SafeBuffer#bytesplice
🚨 ReDoS based DoS vulnerability in Active Support’s underscore
🚨 ReDoS based DoS vulnerability in Active Support’s underscore

Release Notes: too many releases to show here. View the full release notes.

↗️ addressable (indirect, 2.7.0 → 2.8.3) · Repo · Changelog

Security Advisories 🚨

🚨 Regular Expression Denial of Service in Addressable templates

Release Notes: 2.8.2 (from changelog), 2.8.1 (from changelog), 2.8.0 (from changelog)

↗️ commonmarker (indirect, 0.17.13 → 0.23.8) · Repo · Changelog

Security Advisories 🚨

🚨 Several quadratic complexity bugs may lead to denial of service in Commonmarker
🚨 Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
🚨 Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

Release Notes: 0.23.8, 0.23.7, 0.23.6, 0.22.0, 0.21.0, 0.19.0, 0.18.0

↗️ concurrent-ruby (indirect, 1.1.7 → 1.2.2) · Repo · Changelog

Release Notes: 1.2.2, 1.2.1, 1.2.0, 1.1.10, 1.1.9 (from changelog), 1.1.8 (from changelog)

↗️ dnsruby (indirect, 1.61.4 → 1.61.9) · Repo


↗️ em-websocket (indirect, 0.5.1 → 0.5.3) · Repo · Changelog


↗️ ethon (indirect, 0.12.0 → 0.16.0) · Repo · Changelog

Release Notes: 0.15.0 (from changelog)

↗️ execjs (indirect, 2.7.0 → 2.8.1) · Repo

Release Notes: 2.8.1, 2.8.0

↗️ faraday (indirect, 1.0.1 → 2.7.4) · Repo · Changelog

Release Notes: too many releases to show here. View the full release notes.

↗️ ffi (indirect, 1.13.1 → 1.15.5) · Repo · Changelog

Release Notes (all from changelog): 1.15.5, 1.15.4, 1.15.3, 1.15.2, 1.15.1, 1.15.0, 1.14.2, 1.14.1, 1.14.0

↗️ github-pages-health-check (indirect, 1.16.1 → 1.17.9) · Repo

Release Notes: 1.17.9, 1.17.8, 1.17.6, 1.17.2, 1.17.1, 1.17.0

↗️ html-pipeline (indirect, 2.14.0 → 2.14.3) · Repo · Changelog


↗️ http_parser.rb (indirect, 0.6.0 → 0.8.0) · Repo


↗️ i18n (indirect, 0.9.5 → 1.12.0) · Repo · Changelog

Release Notes: too many releases to show here. View the full release notes.

↗️ jekyll (indirect, 3.9.0 → 3.9.3) · Repo · Changelog

Release Notes: 3.9.3, 3.9.2, 3.9.1

↗️ jekyll-commonmark (indirect, 1.3.1 → 1.4.0) · Repo · Changelog

Release Notes: 1.4.0

↗️ jekyll-commonmark-ghpages (indirect, 0.1.6 → 0.4.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-feed (indirect, 0.13.0 → 0.15.1) · Repo · Changelog

Release Notes: 0.15.1, 0.15.0, 0.14.0

↗️ jekyll-mentions (indirect, 1.5.1 → 1.6.0) · Repo · Changelog

Release Notes: 1.6.0

↗️ jekyll-redirect-from (indirect, 0.15.0 → 0.16.0) · Repo · Changelog

Release Notes: 0.16.0

↗️ jekyll-remote-theme (indirect, 0.4.1 → 0.4.3) · Repo

Release Notes: 0.4.3, 0.4.2

↗️ jekyll-seo-tag (indirect, 2.6.1 → 2.8.0) · Repo · Changelog

Release Notes: 2.8.0, 2.7.1, 2.7.0

↗️ jekyll-theme-architect (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-cayman (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-dinky (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-hacker (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0, 0.1.2

↗️ jekyll-theme-leap-day (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-merlot (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-midnight (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-minimal (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-modernist (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-primer (indirect, 0.5.4 → 0.6.0) · Repo

Release Notes: 0.6.0

↗️ jekyll-theme-slate (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-tactile (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jekyll-theme-time-machine (indirect, 0.1.1 → 0.2.0) · Repo

Release Notes: 0.2.0

↗️ jemoji (indirect, 0.11.1 → 0.12.0) · Repo · Changelog

Release Notes: 0.12.0

↗️ kramdown (indirect, 2.3.0 → 2.3.2) · Repo · Changelog

Security Advisories 🚨

🚨 Remote code execution in Kramdown

↗️ liquid (indirect, 4.0.3 → 4.0.4) · Repo · Changelog


↗️ listen (indirect, 3.2.1 → 3.8.0) · Repo · Changelog

Release Notes: 3.8.0, 3.7.1, 3.7.0, 3.6.0, 3.5.1, 3.4.0, 3.3.4, 3.3.3, 3.3.2, 3.3.1, 3.3.0

↗️ mini_portile2 (indirect, 2.4.0 → 2.8.1) · Repo · Changelog

Release Notes: 2.8.1, 2.8.0, 2.7.1, 2.7.0, 2.6.1, 2.6.0, 2.5.3, 2.5.2, 2.5.1, 2.5.0

↗️ minitest (indirect, 5.14.2 → 5.18.0) · Repo · Changelog

Release Notes (all from changelog): 5.18.0, 5.17.0, 5.16.3, 5.16.2, 5.16.1, 5.16.0, 5.15.0, 5.14.4, 5.14.3

↗️ nokogiri (indirect, 1.10.10 → 1.14.2) · Repo · Changelog

Security Advisories 🚨

🚨 Unchecked return value from xmlTextReaderExpand
🚨 Nokogiri contains libxml Out-of-bounds Write vulnerability
🚨 Improper Handling of Unexpected Data Type in Nokogiri
🚨 Integer Overflow or Wraparound in libxml2 affects Nokogiri
🚨 Denial of Service (DoS) in Nokogiri on JRuby
🚨 Inefficient Regular Expression Complexity in Nokogiri
🚨 Out-of-bounds Write in zlib affects Nokogiri
🚨 XML Injection in Xerces Java affects Nokogiri
🚨 Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
🚨 Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
🚨 Update packaged dependency libxml2 from 2.9.10 to 2.9.12
🚨 Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability

Release Notes: too many releases to show here. View the full release notes.

↗️ octokit (indirect, 4.18.0 → 4.25.1) · Repo · Changelog

Security Advisories 🚨

🚨 Octokit gem published with world-writable files

Release Notes: 4.25.1, 4.25.0, 4.24.0, 4.23.0, 4.22.0, 4.21.0, 4.20.0, 4.19.0

↗️ public_suffix (indirect, 3.1.1 → 4.0.7) · Repo · Changelog

Release Notes (all from changelog): 4.0.7, 4.0.6, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0

↗️ rainbow (indirect, 3.0.0 → 3.1.1) · Repo · Changelog

Release Notes (from changelog): 3.1.1, 3.1.0

↗️ rb-fsevent (indirect, 0.10.4 → 0.11.2) · Repo

Release Notes: 0.11.2, 0.11.1, 0.11.0

↗️ rexml (indirect, 3.2.4 → 3.2.5) · Repo · Changelog

Security Advisories 🚨

🚨 XML round-trip vulnerability in REXML

Release Notes: 3.2.5 (from changelog)

↗️ rouge (indirect, 3.19.0 → 3.26.0) · Repo · Changelog

Release Notes: 3.26.0, 3.25.0, 3.24.0, 3.23.0, 3.22.0, 3.21.0, 3.20.0

↗️ rubyzip (indirect, 2.3.0 → 2.3.2) · Repo · Changelog

Release Notes: 2.3.2 (from changelog), 2.3.1

↗️ sawyer (indirect, 0.8.2 → 0.9.2) · Repo

Release Notes: 0.9.1

↗️ simpleidn (indirect, 0.1.1 → 0.2.1) · Repo


↗️ tzinfo (indirect, 1.2.7 → 2.0.6) · Repo · Changelog

Security Advisories 🚨

🚨 TZInfo relative path traversal vulnerability allows loading of arbitrary files

Release Notes: 2.0.6, 2.0.5, 2.0.4, 2.0.3, 2.0.2, 2.0.1, 2.0.0, 1.2.11, 1.2.10, 1.2.9, 1.2.8

↗️ unf_ext (indirect, 0.0.7.7 → 0.0.8.2) · Repo · Changelog

Release Notes (all from changelog): 0.0.8.2, 0.0.8.1, 0.0.8

↗️ unicode-display_width (indirect, 1.7.0 → 1.8.0) · Repo · Changelog

Release Notes: 1.8.0 (from changelog)

↗️ zeitwerk (indirect, 2.4.0 → 2.6.7) · Repo · Changelog

Release Notes: too many releases to show here. View the full release notes.

🆕 Ascii85 (added, 1.1.0)

🆕 afm (added, 0.2.2)

🆕 async (added, 2.5.0)

🆕 console (added, 1.16.2)

🆕 faraday-net_http (added, 3.0.2)

🆕 fiber-local (added, 1.0.0)

🆕 hashery (added, 2.1.2)

🆕 io-event (added, 1.1.7)

🆕 jekyll-include-cache (added, 0.2.1)

🆕 pdf-reader (added, 2.11.0)

🆕 racc (added, 1.6.2)

🆕 ruby-rc4 (added, 0.1.5)

🆕 ruby2_keywords (added, 0.0.5)

🆕 timers (added, 4.3.5)

🆕 ttfunk (added, 1.7.0)

🗑️ multipart-post (removed)

🗑️ nokogumbo (removed)

🗑️ parallel (removed)

🗑️ ruby-enum (removed)

🗑️ thread_safe (removed)


Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands
  • @depfu rebase: Rebases against your default branch and redoes this update
  • @depfu recreate: Recreates this PR, overwriting any edits that you've made to it
  • @depfu merge: Merges this PR once your tests are passing and conflicts are resolved
  • @depfu close: Closes this PR and deletes the branch
  • @depfu reopen: Restores the branch and reopens this PR (if it's closed)
  • @depfu pause: Ignores all future updates for this dependency and closes this PR
  • @depfu pause [minor|major]: Ignores all future minor/major updates for this dependency and closes this PR
  • @depfu resume: Future versions of this dependency will create PRs again (leaves this PR as is)
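The update above only touches Gemfile.lock (see the quantifier comment further down: one `.lock` file changed), because every advisory it addresses sits in a pinned transitive dependency (the `indirect` entries). That makes the lockfile, not the Gemfile, the artifact worth auditing. As an added example that is not depfu's code and not from this repository, the Ruby script below parses a Gemfile.lock and flags any gem locked below a minimum safe version. The minimum versions are the target versions quoted in the PR description, standing in for advisory data (an assumption made for illustration), and the lockfile it parses is a constructed sample.

```ruby
# Added example (not depfu's code): a minimal Gemfile.lock audit that flags
# locked gems sitting below a known-fixed version. The "fixed" versions are
# the target versions this PR bumps to, taken from the PR description;
# a real audit would take them from an advisory database instead.
require "rubygems" # Gem::Version; loaded by default, required here for clarity

# Assumption: the PR's "to" version is treated as the minimum safe version.
FIXED_VERSIONS = {
  "activesupport" => "7.0.4.3",
  "addressable"   => "2.8.3",
  "commonmarker"  => "0.23.8",
  "kramdown"      => "2.3.2",
  "nokogiri"      => "1.14.2",
  "octokit"       => "4.25.1",
  "rexml"         => "3.2.5",
  "tzinfo"        => "2.0.6",
}.freeze

# In the "specs:" section of a Gemfile.lock, locked gems are indented by
# exactly four spaces as "name (version)"; the six-space lines under each
# gem are its dependency constraints and carry no locked version.
SPEC_LINE = /\A {4}(?<name>\S+) \((?<version>[^)]+)\)\z/

def parse_lockfile(text)
  locked = {}
  in_specs = false
  text.each_line(chomp: true) do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # Any line not indented by four spaces ends the specs section
    # (blank line, PLATFORMS, DEPENDENCIES, ...).
    in_specs = false unless line.start_with?("    ")
    next unless in_specs
    m = SPEC_LINE.match(line)
    locked[m[:name]] = m[:version] if m
  end
  locked
end

# Returns [name, locked_version, minimum_fixed_version] for every gem in
# `fixed` that the lockfile pins at a lower version.
def outdated_gems(locked, fixed = FIXED_VERSIONS)
  fixed.filter_map do |name, min_ok|
    next unless locked.key?(name)
    # Drop a platform suffix such as "-x86_64-linux": Gem::Version would
    # otherwise read it as a prerelease tag and rank it below the bare version.
    have = locked[name].split("-").first
    [name, have, min_ok] if Gem::Version.new(have) < Gem::Version.new(min_ok)
  end
end

# Constructed sample lockfile, modelled on the "from" versions listed in this PR.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (6.0.3.2)
        concurrent-ruby (~> 1.0, >= 1.0.2)
      kramdown (2.3.0)
        rexml
      nokogiri (1.10.10-x86_64-linux)
        mini_portile2 (~> 2.4.0)
      rexml (3.2.5)
      tzinfo (1.2.7)
        thread_safe (~> 0.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    html-proofer (~> 3.17)
LOCK

outdated_gems(parse_lockfile(SAMPLE_LOCK)).each do |name, have, min_ok|
  puts "#{name}: locked at #{have}, fixed in #{min_ok}"
end
```

On the sample, rexml is already at its minimum and is not reported; the other four are. The same comparison is what `bundle audit` does against the ruby-advisory-db, so in practice run that in CI on every lockfile change rather than maintaining a table by hand.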
changelogg[bot] commented 1 year ago

Hey! Changelogs info seems to be missing or might be in incorrect format. Please use the below template in PR description to ensure Changelogg can detect your changes:

```
- (tag) changelog_text
```
or
```
- tag: changelog_text
```
**OR**
You can add tag in PR header or while doing a commit too
```
(tag) PR header
```
or
```
tag: PR header
```
Valid tags: **added** / **feat**, **changed**, **deprecated**, **fixed** / **fix**, **removed**, **security**, **build**, **ci**, **chore**, **docs**, **perf**, **refactor**, **revert**, **style**, **test**
Thanks!
For more info, check out [changelogg docs](https://docs.changelogg.io/)
performance-testing-bot[bot] commented 1 year ago

Unable to locate .performanceTestingBot config file

pull-request-quantifier-deprecated[bot] commented 1 year ago

This PR has 277 quantified lines of changes. In general, a change size of up to 200 lines is ideal for the best PR experience!


Quantification details

```
Label               : Large
Size                : +149 -128
Percentile          : 67.7%
Total files changed : 1
Change summary by file extension:
  .lock : +149 -128
```

> Change counts above are quantified counts, based on the [PullRequestQuantifier customizations](https://github.com/microsoft/PullRequestQuantifier/blob/main/docs/prquantifier-yaml.md).

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a balance between PR complexity and PR review overhead. PRs within the optimal size (typical small, or medium sized PRs) mean:

- Fast and predictable releases to production:
  - Optimal size changes are more likely to be reviewed faster with fewer iterations.
  - Similarity in low PR complexity drives similar review times.
- Review quality is likely higher as complexity is lower:
  - Bugs are more likely to be detected.
  - Code inconsistencies are more likely to be detected.
- Knowledge sharing is improved within the participants:
  - Small portions can be assimilated better.
- Better engineering practices are exercised:
  - Solving big problems by dividing them in well contained, smaller problems.
  - Exercising separation of concerns within the code changes.

#### What can I do to optimize my changes

- Use the PullRequestQuantifier to quantify your PR accurately
  - Create a context profile for your repo using the [context generator](https://github.com/microsoft/PullRequestQuantifier/releases)
  - Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the `Excluded` section from your `prquantifier.yaml` context profile.
  - Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your `prquantifier.yaml` context profile.
  - Only use the labels that matter to you, [see context specification](./docs/prquantifier-yaml.md) to customize your `prquantifier.yaml` context profile.
- Change your engineering behaviors
  - For PRs that fall outside of the desired spectrum, review the details and check if:
    - Your PR could be split in smaller, self-contained PRs instead
    - Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

#### How to interpret the change counts in git diff output

- One line was added: `+1 -0`
- One line was deleted: `+0 -1`
- One line was modified: `+1 -1` (git diff doesn't know about modified, it will interpret that line like one addition plus one deletion)
- Change percentiles: Change characteristics (addition, deletion, modification) of this PR in relation to all other PRs within the repository.



squash-labs[bot] commented 1 year ago

Manage this branch in Squash

Test this branch here: https://depfuupdatehtml-proofer-506-uchjw.squash.io
secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by a regular expression that makes the system hang or work very slowly when an attacker sends well-crafted input (the matching work is exponentially related to the input size). Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in a direct impact on availability.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service


Micro-Learning Topic: Inefficient regular expression (Detected by phrase)

Matched on "Inefficient Regular Expression"


A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks.


Micro-Learning Topic: Integer overflow (Detected by phrase)

Matched on "Integer overflow"


Integer overflow occurs when the result of an arithmetic operation is greater than the maximum value the integer data type can store. For example, if an integer data type allows integers up to two bytes or 16 bits in length (or an unsigned number up to decimal 65,535), and two integers are to be added together that will exceed the value of 65,535, the result will be an integer overflow.


Micro-Learning Topic: Path traversal (Detected by phrase)

Matched on "path traversal"


Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).


Helpful references
  • OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
  • OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.

Micro-Learning Topic: Resource exhaustion (Detected by phrase)

Matched on "resource exhaustion"


Allocating objects or timers with user-controlled sizes or durations can cause resource exhaustion.


Micro-Learning Topic: XML injection (Detected by phrase)

Matched on "XML Injection"


XML injection is a vulnerability affecting the handling of XML documents used by an application. If an application uses unsafe inputs as part of an XML document, it may result in corrupted XML that changes the behaviour of application components that use the modified document. Where XML documents are accepted by an application, it may allow information disclosure, denial of service or unauthorised file access if certain XML processing is permitted.



Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "xss"


Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.



Micro-Learning Topic: External entity injection (Detected by phrase)

Matched on "XXE"


An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.


Helpful references
  • Denial of Service | OWASP Foundation - Denial of Service on the main website for The OWASP Foundation.
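Of the topics matched above, the path traversal one maps directly onto an advisory in this update (the TZInfo "relative path traversal" entry, where a caller-supplied identifier is turned into a file path). As an added example that is not TZInfo's code and not part of the original comment, here is the vulnerable shape next to a hardened resolver in Ruby. The zoneinfo-style base directory, the identifier grammar and the sample identifiers are assumptions made for illustration.

```ruby
# Added example (not TZInfo's code): resolve a user-supplied identifier to a
# file under a fixed base directory without letting it escape that directory.
# The zoneinfo-style layout and the identifier grammar are assumptions.

BASE_DIR = "/usr/share/zoneinfo" # assumed data directory

# Allow-list grammar: one or more segments of [A-Za-z0-9_+-], joined by "/".
# This rejects ".", "..", empty segments, a leading "/" and control bytes
# such as NUL before any path arithmetic happens.
IDENTIFIER = %r{\A[A-Za-z0-9_+\-]+(?:/[A-Za-z0-9_+\-]+)*\z}

# The vulnerable shape: the identifier is joined onto the base directory and
# the result is used as-is, so "../" segments walk out of the base.
def naive_resolve(base, identifier)
  File.expand_path(identifier, base)
end

# Hardened form: validate the identifier against the allow-list, then still
# check that the canonical path sits below the base. The second check is
# deliberately redundant so that relaxing the grammar later cannot silently
# reopen traversal.
def resolve_under(base, identifier)
  return nil unless identifier.is_a?(String) && identifier.match?(IDENTIFIER)

  root = File.expand_path(base)
  full = File.expand_path(identifier, root)
  # Trailing separator matters: "/usr/share/zoneinfo2/x" must not pass for
  # base "/usr/share/zoneinfo".
  return nil unless full.start_with?(root + File::SEPARATOR)

  full
end

# Reads the file only when resolution succeeded; nil means "rejected".
def safe_read(base, identifier)
  path = resolve_under(base, identifier)
  path && File.read(path)
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample identifiers: two legitimate ones and three attacks.
  samples = ["Europe/London", "Etc/GMT+5", "../../../etc/passwd",
             "Europe/../../etc/passwd", "/etc/passwd"]
  samples.each do |id|
    puts format("%-26s naive=%-34s safe=%s", id.inspect,
                naive_resolve(BASE_DIR, id), resolve_under(BASE_DIR, id).inspect)
  end
end
```

The allow-list does the real work; the `start_with?` check is the backstop. Rejecting rather than "cleaning" the identifier also avoids the classic mistake of stripping `../` once and leaving `....//` behind.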
vizipi[bot] commented 1 year ago

Pull request analysis by VIZIPI

Below you will find who is the most qualified team member to review your code. This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes (partly found within the list of potential missing files below). Feedback always welcome.

Reviewers with knowledge related to these changes

Match %    Person    Commit Count    Common Files
100.00 %   reedhhw   2               1

Potential missing files from this Pull request

No commonly committed files found with a 40% threshold


Committed file ranks

  • 99.13% Gemfile.lock

depfu[bot] commented 1 year ago

Closed in favor of #1486.