segiddins / segiddins.me

http://segiddins.me/

[Security] Bump yard from 0.8.6.2 to 0.9.19 #20

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps yard from 0.8.6.2 to 0.9.19. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2017-17042.yml).*

> **Potential arbitrary file read vulnerability in yard server**
>
> lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
>
> Patched versions: >= 0.9.11
> Unaffected versions: none
Release notes

*Sourced from [yard's releases](https://github.com/lsegal/yard/releases).*

> ## Release v0.9.19
>
> [0.9.19]: https://github.com/lsegal/yard/compare/v0.9.16...v0.9.19
>
> - Fixed bug in browser back button ([#1071](https://github-redirect.dependabot.com/lsegal/yard/issues/1071), [#1228](https://github-redirect.dependabot.com/lsegal/yard/issues/1228))
> - Fixed handling of ArgumentError in ExtraFileObject ([#1198](https://github-redirect.dependabot.com/lsegal/yard/issues/1198))
> - Fixed double return tag displaying on boolean methods ([#1226](https://github-redirect.dependabot.com/lsegal/yard/issues/1226))
> - Removed unused `Module#namespace_name` function ([#1229](https://github-redirect.dependabot.com/lsegal/yard/issues/1229))
> - Fixed parsing order of README files. YARD will now prefer README over README.md over README.x.md or README-x.md (and the like). READMEs will now also be ordered by filename; the first README is still chosen unless `--readme` is provided.
> - Updated AsciiDoc markup support to use non-deprecated calls.
>
> ## v0.9.18
>
> No release notes provided.
>
> ## Release v0.9.17
>
> No release notes provided.
>
> ## Release v0.9.16
>
> No release notes provided.
>
> ## Release v0.9.15
>
> # [0.9.15] - July 17th, 2018
>
> [0.9.15]: https://github.com/lsegal/yard/compare/v0.9.14...v0.9.15
>
> - Fixed security issue in parsing of Ruby code that could allow for arbitrary execution. Credit to Nelson Elhage for discovering this issue.
>
> ## Release v0.9.14
>
> - Fixed a regression in symbol parsing ([#1170](https://github-redirect.dependabot.com/lsegal/yard/issues/1170)).
>
> ## Release v0.9.13
>
> [0.9.13]: https://github.com/lsegal/yard/compare/v0.9.12...v0.9.13
>
> - Added support for grouped constants via `@!group` directive ([#1056](https://github-redirect.dependabot.com/lsegal/yard/issues/1056)).
> - Added support for quoted symbols ([#1168](https://github-redirect.dependabot.com/lsegal/yard/issues/1168)).
> - Added support for i18n in tag text ([#1169](https://github-redirect.dependabot.com/lsegal/yard/issues/1169)).
> - Fixed HTML rendering of inline code blocks ([#1152](https://github-redirect.dependabot.com/lsegal/yard/issues/1152)).
> - Fixed rendering of anchor URLs in rendered HTML ([#1154](https://github-redirect.dependabot.com/lsegal/yard/issues/1154)).
>
> ## Release v0.9.11
>
> [0.8.7.4]: https://github.com/lsegal/yard/compare/v0.8.7.3...v0.8.7.4
>
> - Mark C methods as explicit but also remove explicit check in stats. ([#727](https://github-redirect.dependabot.com/lsegal/yard/issues/727))
> - Report unresolved parent namespaces as undocumentable errors instead. ([#753](https://github-redirect.dependabot.com/lsegal/yard/issues/753))
> - No longer ignore overridden methods from documentation check in stats ([#719](https://github-redirect.dependabot.com/lsegal/yard/issues/719))
> ... (truncated)
Changelog

*Sourced from [yard's changelog](https://github.com/lsegal/yard/blob/master/CHANGELOG.md).*

> # 0.9.19 - April 2nd, 2019
>
> [0.9.19]: https://github.com/lsegal/yard/compare/v0.9.16...v0.9.19
>
> - Fixed bug in browser back button ([#1071](https://github-redirect.dependabot.com/lsegal/yard/issues/1071), [#1228](https://github-redirect.dependabot.com/lsegal/yard/issues/1228))
> - Fixed handling of ArgumentError in ExtraFileObject ([#1198](https://github-redirect.dependabot.com/lsegal/yard/issues/1198))
> - Fixed double return tag displaying on boolean methods ([#1226](https://github-redirect.dependabot.com/lsegal/yard/issues/1226))
> - Removed unused `Module#namespace_name` function ([#1229](https://github-redirect.dependabot.com/lsegal/yard/issues/1229))
> - Fixed parsing order of README files. YARD will now prefer README over README.md over README.x.md or README-x.md (and the like). READMEs will now also be ordered by filename; the first README is still chosen unless `--readme` is provided.
> - Updated AsciiDoc markup support to use non-deprecated calls.
>
> # [0.9.16] - August 11th, 2018
>
> [0.9.16]: https://github.com/lsegal/yard/compare/v0.9.15...v0.9.16
>
> - Documentation fixes ([#1175](https://github-redirect.dependabot.com/lsegal/yard/issues/1175), [#1178](https://github-redirect.dependabot.com/lsegal/yard/issues/1178)).
> - Fixed stack overflow issue when parsing extremely large lists ([#1176](https://github-redirect.dependabot.com/lsegal/yard/issues/1176)).
>
> # [0.9.15] - July 17th, 2018
>
> [0.9.15]: https://github.com/lsegal/yard/compare/v0.9.14...v0.9.15
>
> - Fixed security issue in parsing of Ruby code that could allow for arbitrary execution. Credit to Nelson Elhage for discovering this issue.
>
> # [0.9.14] - June 2nd, 2018
>
> [0.9.14]: https://github.com/lsegal/yard/compare/v0.9.13...v0.9.14
>
> - Fixed a regression in symbol parsing ([#1170](https://github-redirect.dependabot.com/lsegal/yard/issues/1170)).
>
> # [0.9.13] - May 28th, 2018
>
> [0.9.13]: https://github.com/lsegal/yard/compare/v0.9.12...v0.9.13
>
> - Added support for grouped constants via `@!group` directive ([#1056](https://github-redirect.dependabot.com/lsegal/yard/issues/1056)).
> - Added support for quoted symbols ([#1168](https://github-redirect.dependabot.com/lsegal/yard/issues/1168)).
> - Added support for i18n in tag text ([#1169](https://github-redirect.dependabot.com/lsegal/yard/issues/1169)).
> - Fixed HTML rendering of inline code blocks ([#1152](https://github-redirect.dependabot.com/lsegal/yard/issues/1152)).
> - Fixed rendering of anchor URLs in rendered HTML ([#1154](https://github-redirect.dependabot.com/lsegal/yard/issues/1154)).
>
> # [0.9.12] - November 26th, 2017
>
> [0.9.12]: https://github.com/lsegal/yard/compare/v0.9.11...v0.9.12
>
> - Be more explicit about lack of support for absolute paths in extra files
> ... (truncated)
Commits

- [`12f56cf`](https://github.com/lsegal/yard/commit/12f56cf7d58e7025085f00b9f9f2f62c24b13d93) Tag release v0.9.19
- [`6205335`](https://github.com/lsegal/yard/commit/6205335fd58d063f8d1d4e6b5833b2ca8de6c687) Update dockerfile.samus
- [`1303dbc`](https://github.com/lsegal/yard/commit/1303dbccec6a4b00b84ff2ee1ca3bf291f0ce58f) Use credentials in git push
- [`a008d07`](https://github.com/lsegal/yard/commit/a008d079c1365b83cdd2425cbd9ae0f37228d25e) Fix timezone handling issue in Samus
- [`350c064`](https://github.com/lsegal/yard/commit/350c064e44dd88945e60788fe795f2a02143d9c4) Add changelog-rotate command to samus config
- [`f16df91`](https://github.com/lsegal/yard/commit/f16df91a2680eacf48209e403d7e7ea77f3d740c) Remove unused Samus action
- [`c29fb92`](https://github.com/lsegal/yard/commit/c29fb9207314fe7d35d69845887ef013b61b63e8) Use skip-restore in docker build
- [`88c6015`](https://github.com/lsegal/yard/commit/88c60154ecb167055c46399b4a5bedaf666d1989) Update samus dependency
- [`add8ea9`](https://github.com/lsegal/yard/commit/add8ea9240fdd675e72d2a90a1d10b5aa8a6cc80) Ignore doc and .yardoc directories
- [`526adba`](https://github.com/lsegal/yard/commit/526adbac8862135d255b463021c46d2f91206375) Use Samus 3.x to build
- Additional commits viewable in [compare view](https://github.com/lsegal/yard/compare/v0.8.6.2...v0.9.19)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
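The advisory quoted in this PR (CVE-2017-17042) describes the classic static-file traversal bug: a request path beginning with `../` is joined onto the document root and read, so the server hands out files from outside the root. The example below is added here to illustrate that bug class and a defensible fix; it is not yard's code and does not reproduce the patch to `lib/yard/core_ext/file.rb`. The function names (`build_sample_tree`, `read_static_unsafe`, `read_static_safe`, `traversal_rejected?`) and the on-disk sample tree are this example's own, constructed in a temporary directory so it runs offline.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Constructed sample tree (not from yard): a document root holding one
# stylesheet, plus a file one level above the root that must never be served.
def build_sample_tree
  base = Dir.mktmpdir("traversal-example")
  docs = File.join(base, "doc")
  FileUtils.mkdir_p(File.join(docs, "css"))
  File.write(File.join(docs, "css", "style.css"), "body { color: black; }\n")
  File.write(File.join(base, "secret.txt"), "not for the web\n")
  docs
end

# Vulnerable pattern (hypothetical; matches the advisory's description): the
# request path is joined onto the root and read as-is, so a leading "../"
# walks out of the document root.
def read_static_unsafe(docs_root, request_path)
  File.read(File.join(docs_root, request_path))
end

# Hardened pattern. request_path is assumed to have been percent-decoded
# exactly once by the caller; decoding again here would reopen "%2e%2e" tricks.
def read_static_safe(docs_root, request_path)
  # Stage 1, lexical: fold "." and ".." segments without touching the
  # filesystem, then refuse absolute paths and anything still climbing up.
  rel = Pathname.new(request_path).cleanpath
  raise ArgumentError, "absolute path not allowed" if rel.absolute?
  if rel.to_s == ".." || rel.to_s.start_with?("../")
    raise ArgumentError, "path escapes document root"
  end

  # Stage 2, filesystem: resolve symlinks on both sides and require the target
  # to sit strictly inside the root. File.realpath raises Errno::ENOENT for a
  # missing file, which a server would map to 404 rather than to an error.
  root = File.realpath(docs_root)
  full = File.realpath(File.join(root, rel.to_s))
  unless full.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "path escapes document root"
  end
  File.read(full)
end

# True when the hardened reader refuses the request; handy for audits/tests.
def traversal_rejected?(docs_root, request_path)
  read_static_safe(docs_root, request_path)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  docs = build_sample_tree
  puts read_static_unsafe(docs, "../secret.txt")         # vulnerable: prints the secret
  puts traversal_rejected?(docs, "../secret.txt")         # true
  puts traversal_rejected?(docs, "css/../../secret.txt")  # true
  puts read_static_safe(docs, "css/style.css")            # served normally
end
```

The two stages are deliberate: the lexical check alone is what the advisory says was missing, but it cannot see a symlink inside the root that points outside it, while the `realpath` prefix check catches that and also any `..` that survived normalisation. Neither stage replaces the actual remedy for this PR, which is moving to yard >= 0.9.11 as the advisory states.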
dependabot-preview[bot] commented 5 years ago

Superseded by #25.