sec
Security Education Companion
Bumps [puma](https://github.com/puma/puma) from 5.3.2 to 5.6.4. Release notes Sourced from puma's releases. 5.6.4 Security Close several HTTP Request Smuggling exploits (CVE-2022-24790) The 5.6.3 release was a mistake (released the wrong...
Bumps [minimist](https://github.com/substack/minimist) from 1.2.3 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR aeb3e27 1.2.5...
Bumps [image_processing](https://github.com/janko/image_processing) from 1.12.1 to 1.12.2. Changelog Sourced from image_processing's changelog. 1.12.2 (2022-03-01) Prevent remote shell execution when using #apply with operations coming from user input (@janko) Commits 12e7cf5 Bump...
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service in Addressable templates Impact...
Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.17 to 0.7.28. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service (ReDoS) in ua-parser-js ua-parser-js...
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.14 to 4.17.21. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Prototype Pollution in lodash Versions of lodash prior to 4.17.19...
From https://thoughtbot.com/blog/factory_bot: > As of the 4.9.0 releases of both factory_girl and factory_girl_rails, both gems will be officially deprecated. In the 4.9.0 version, while no functionality is changed, you’ll receive...
This is configurable