automate
automate copied to clipboard
chef
Bump rack from 2.2.3 to 2.2.6.4 in /components/compliance-service/smokin
Bumps rack from 2.2.3 to 2.2.6.4.
Changelog
Sourced from rack's changelog.
Changelog
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
[3.0.7] - 2023-03-16
- Make query parameters without
=havenilvalues. (#2059, [@jeremyevans])[3.0.6.1] - 2023-03-13
- [CVE-2023-27539] Avoid ReDoS in header parsing
[3.0.6] - 2023-03-13
- Add
QueryParser#missing_valuefor handling missing values + tests. (#2052, [@ioquatix])[3.0.5] - 2023-03-13
- Split form/query parsing into two steps. (#2038,
@matthewd)[3.0.4.1] - 2023-03-02
SPEC Changes
rack.inputis now optional. (#1997, [@ioquatix])Changed
rack.inputis now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@ioquatix])- Introduce
module Rack::BadRequestwhich is included in multipart and query parser errors. (#2019, [@ioquatix])- MIME type for JavaScript files (
.js) changed fromapplication/javascripttotext/javascript(1bd0f15)- Add
.mjsMIME type (#2057, [@axilleas])[3.0.4.1] - 2023-01-17
- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
- [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
[3.0.4] - 2023-01-17
Rack::Request#POSTshould consistently raise errors. Cache errors that occur when invokingRack::Request#POSTso they can be raised again later. (#2010, [@ioquatix])- Fix
Rack::Linterror message forHTTP_CONTENT_TYPEandHTTP_CONTENT_LENGTH. (#2007,@byroot)- Extend
Rack::MethodOverrideto handleQueryParser::ParamsTooDeepErrorerror. (#2006,@byroot)[3.0.3] - 2022-12-27
Fixed
Rack::URLMapuses non-deprecated form ofRegexp.new. (#1998,@weizheheng)
... (truncated)
Commits
27addc7bump versionee7919eAvoid ReDoS problemd6b5b2bbump version9aac375Limit all multipart parts, not just files2606ac5bumping versionf6d4f52Fix ReDoS in Rack::Utils.get_byte_ranges20bc90cbump version3677f17Update changelogee25ab9Fix ReDoS vulnerability in multipart parser19e49f0Forbid control characters in attributes- Additional commits viewable in compare view
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for chef-automate processing.
| Name | Link |
|---|---|
| Latest commit | dee4620f84758da9be4896af17cae63e6b05d3ad |
| Latest deploy log | https://app.netlify.com/sites/chef-automate/deploys/6412b39541a3750008d3c959 |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for chef-automate processing.
| Name | Link |
|---|---|
| Latest commit | 14d0ee441f47b3129a58ef9fc37975d7d6acd573 |
| Latest deploy log | https://app.netlify.com/sites/chef-automate/deploys/6594feed1bcd920008a53630 |
SonarQube Quality Gate
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
No Duplication information
![sonarqube-for-infrastructure-prod[bot] avatar](https://avatars.githubusercontent.com/in/285599?v=4 "Published by a pub.dev verified publisher"){kind=small}
A newer version of rack exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.