slovensko-digital / harvester.ecosystem

App for pushing data to ekosystem.slovensko.digital
https://ekosystem.slovensko.digital
European Union Public License 1.1
20 stars 5 forks source link

Bump rack from 2.0.5 to 2.0.7 #48

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps rack from 2.0.5 to 2.0.7.

Changelog *Sourced from [rack's changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md).* > ## [2.0.7] - 2019-04-02 > > ### Fixed > > - Remove calls to `#eof?` on Rack input in `Multipart::Parser`, as this breaks the specification. ([@​matthewd](https://github.com/matthewd)) > - Preserve forwarded IP addresses for trusted proxy chains. ([@​SamSaffron](https://github.com/SamSaffron)) > > ## [2.0.6] - 2018-11-05 > > ### Fixed > > - [[CVE-2018-16470](https://nvd.nist.gov/vuln/detail/CVE-2018-16470)] Reduce buffer size of `Multipart::Parser` to avoid pathological parsing. ([@​tenderlove](https://github.com/tenderlove)) > - Fix a call to a non-existing method `#accepts_html` in the `ShowExceptions` middleware. ([@​tomelm](https://github.com/tomelm)) > - [[CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471)] Whitelist HTTP and HTTPS schemes in `Request#scheme` to prevent a possible XSS attack. ([@​PatrickTulskie](https://github.com/PatrickTulskie))
Commits - [`7fb95db`](https://github.com/rack/rack/commit/7fb95dbec28dc70f3cfbba0a684db0735d8ab2ca) Bumping to 2.0.7 for release - [`ea57610`](https://github.com/rack/rack/commit/ea576109c1b9fd444e6f0e728f8db74c33786674) Merge pull request [#1343](https://github-redirect.dependabot.com/rack/rack/issues/1343) from larsxschneider/ls/forward-fix - [`1bf2188`](https://github.com/rack/rack/commit/1bf218818502e820192a41c4da61aa0b0b6109af) Preserve forwarded IP address for trusted proxy chains - [`cb1fdb6`](https://github.com/rack/rack/commit/cb1fdb600bc525258b3c34ea95f1598ee6def9c6) Merge pull request [#1201](https://github-redirect.dependabot.com/rack/rack/issues/1201) from janko-m/make-multipart-parsing-work-for-chunked... - [`8376dd1`](https://github.com/rack/rack/commit/8376dd11e6526a53432ee59b7a5d092bda9fc901) Bumping version for release - [`313dd6a`](https://github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39ae7) Whitelist http/https schemes - [`37c1160`](https://github.com/rack/rack/commit/37c1160b2360074d20858792f23a7eb3afeabebd) Reduce buffer size to avoid pathological parsing - [`99fea65`](https://github.com/rack/rack/commit/99fea65cc04eaaad8e59b1a78440a2616e0dc55a) Merge tag '2.0.5' into 2-0-stable - [`216b7ca`](https://github.com/rack/rack/commit/216b7cad1baa65ba1213ae51c85776928d6e2d86) Merge pull request [#1296](https://github-redirect.dependabot.com/rack/rack/issues/1296) from tomelm/fix-prefers-plaintext - See full diff in [compare view](https://github.com/rack/rack/compare/2.0.5...2.0.7)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/slovensko-digital/harvester.ecosystem/network/alerts).