frap

frap copied to clipboard

Bumps [globalid](https://github.com/rails/globalid) from 0.4.2 to 1.0.1. Release notes Sourced from globalid's releases. v1.0.1 Possible ReDoS based DoS vulnerability in GlobalID There is a ReDoS based DoS vulnerability in the GlobalID...

dependabot[bot]

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.2.0 to 1.4.4. Release notes Sourced from rails-html-sanitizer's releases. 1.4.4 / 2022-12-13 Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer. Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for...

dependabot[bot]

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.2.3 to 2.19.1. Release notes Sourced from loofah's releases. 2.19.1 / 2022-12-13 Security Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information. Address CVE-2022-23515, improper...

dependabot[bot]

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.13.9. Release notes Sourced from nokogiri's releases. 1.13.9 / 2022-10-18 Security [CRuby] Vendored libxml2 is updated to address CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for...

dependabot[bot]

Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.6.0 to 2.8.1. Changelog Sourced from addressable's changelog. Addressable 2.8.1 refactor Addressable::URI.normalize_path to address linter offenses (#430) remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438) update gemspec to...

dependabot[bot]

Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.5 to 1.2.10. Release notes Sourced from tzinfo's releases. v1.2.10 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when...

dependabot[bot]

Bumps [rack](https://github.com/rack/rack) from 2.0.7 to 2.2.3. Changelog Sourced from rack's changelog. Changelog All notable changes to this project will be documented in this file. For info on how to format...

dependabot[bot]

Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-ruby) from 0.1.4 to 0.1.5. Changelog Sourced from websocket-extensions's changelog. 0.1.5 / 2020-06-02 Remove a ReDoS vulnerability in the header parser (CVE-2020-7663) Commits 8108e77 Bump version to 0.1.5 c36eb3e...

dependabot[bot]

Updates the requirements on [rake](https://github.com/ruby/rake) to permit the latest version. Changelog *Sourced from [rake's changelog](https://github.com/ruby/rake/blob/master/History.rdoc).* > === 13.0.1 > > ==== Bug fixes > > * Fixed bug: Reenabled task...

dependabot[bot]

V1 has been delayed a bit to fully investigate and test the new bloc implementation. I will keep this thread updated as I go. If there are any comments, please...

flippakitten