search

xmppo / xmpp-webhook

Multipurpose XMPP-Webhook (Built for DevOps Alerts)
https://github.com/xmppo/xmpp-webhook
MIT License
22 stars 8 forks source link

Bump mellium.im/xmpp from 0.18.0 to 0.21.2 #29

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps mellium.im/xmpp from 0.18.0 to 0.21.2.

Release notes

Sourced from mellium.im/xmpp's releases.

v0.21.2

Added

Deprecated

  • compress: the compress package has been deprecated and copied to the legacy module as legacy/compress, it will be removed entirely in a future release

Fixed

  • websocket: rewrote WebSocket discovery to remove TXT record lookups and fix broken XRD file lookups
  • pubsub: the IQ passed in by the user was not respected in DeleteIQ
  • mux: fix a possible crash if a whitespace keepalive is encountered

All Changes: https://github.com/mellium/xmpp/compare/v0.21.1...v0.21.2

v0.21.1

This release contains a fix for a security issue in the websocket package. The issue has been assigned CVE ID CVE-2022-24968.

v0.21.0

Breaking

  • xmpp: the deprecated methods InSID and OutSID have been dropped in favor of In and Out

Added:

... (truncated)

Changelog

Sourced from mellium.im/xmpp's changelog.

v0.21.2 — 2022-04-07

Added

Deprecated

  • compress: the compress package has been deprecated and copied to the legacy module as legacy/compress, it will be removed entirely in a future release

Fixed

  • websocket: rewrote WebSocket discovery to remove TXT record lookups and fix broken XRD file lookups
  • pubsub: the IQ passed in by the user was not respected in DeleteIQ
  • mux: fix a possible crash if a whitespace keepalive is encountered

v0.21.1 — 2022-02-11

Security

  • websocket: fix an issue where the wrong hostname was validated in connections made after looking up DNS TXT records, resulting in a potential MITM. A CVE has been issued with the id CVE-2022-24968.

v0.21.0 — 2022-02-08

... (truncated)

Commits
  • c43e76b all: release v0.21.2
  • 4978d7d internal/integration/prosody: replace mod_bidi
  • 140374d examples: make all examples a single module
  • b1ce400 docs: add list of features to readme
  • d3829dd compress: update to use legacy module
  • e5a43e7 xmpp: bump targeted Go version to 1.17
  • b5c761d form: remove reference to for loop variable
  • 00fda2e form: add ability to get drop-down options
  • 3b43ccd stanza: implement default message type
  • e207100 compress: mark package as deprecated
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

Superseded by #30.