tumbleweed_gdax

tumbleweed_gdax copied to clipboard

Bumps [globalid](https://github.com/rails/globalid) from 0.4.2 to 1.0.1. Release notes Sourced from globalid's releases. v1.0.1 Possible ReDoS based DoS vulnerability in GlobalID There is a ReDoS based DoS vulnerability in the GlobalID...

dependabot[bot]

Bumps [active_attr](https://github.com/cgriego/active_attr) from 0.13.0 to 0.15.4. Changelog Sourced from active_attr's changelog. ActiveAttr 0.15.3 (December 16, 2021) ActiveAttr now supports Rails 7.0 (Steve Hoeksema) ActiveAttr 0.15.3 (April 12, 2021) #185 Fixed...

dependabot[bot]

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.4 to 1.4.4. Release notes Sourced from rails-html-sanitizer's releases. 1.4.4 / 2022-12-13 Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer. Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for...

dependabot[bot]

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.2.3 to 2.19.1. Release notes Sourced from loofah's releases. 2.19.1 / 2022-12-13 Security Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information. Address CVE-2022-23515, improper...

dependabot[bot]

Bumps [sinatra](https://github.com/sinatra/sinatra) from 2.0.5 to 2.2.3. Changelog Sourced from sinatra's changelog. 2.2.3 / 2022-11-25 Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai Fix: fixed ReDoS for Rack::Protection::IPSpoofing....

dependabot[bot]

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.13.9. Release notes Sourced from nokogiri's releases. 1.13.9 / 2022-10-18 Security [CRuby] Vendored libxml2 is updated to address CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for...

dependabot[bot]

Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.6.0 to 2.8.1. Changelog Sourced from addressable's changelog. Addressable 2.8.1 refactor Addressable::URI.normalize_path to address linter offenses (#430) remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438) update gemspec to...

dependabot[bot]

Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.5 to 1.2.10. Release notes Sourced from tzinfo's releases. v1.2.10 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when...

dependabot[bot]

Bumps [puma](https://github.com/puma/puma) from 3.12.1 to 4.3.12. Release notes Sourced from puma's releases. 4.3.12 Security Close several HTTP Request Smuggling exploits (CVE-2022-24790) 4.3.11 Bugfix/Security Response body will always be closed. (GHSA-rmj8-8hhh-gv5h,...

dependabot[bot]

Bumps [em-http-request](https://github.com/igrigorik/em-http-request) from 1.1.5 to 1.1.7. Commits d97d572 bump to 1.1.7 157d5ff don't warn about TLS host verification when verify_peer is explicitly false (... 4d69fac release 1.1.6 a91c0f1 IPv6 literal...

dependabot[bot]