🚨 [security] Update sinatra: 2.2.0 → 2.2.3 (patch) #267
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ sinatra (2.2.0 → 2.2.3) · Repo · Changelog
Security Advisories 🚨
🚨 Sinatra vulnerable to Reflected File Download attack
Release Notes
2.2.3 (from changelog)
2.2.2 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ rack (2.2.3 → 2.2.4) · Repo · Changelog
Security Advisories 🚨
🚨 Denial of Service Vulnerability in Rack Multipart Parsing
🚨 Possible shell escape sequence injection vulnerability in Rack
Commits
See the full diff on Github. The new version differs by 18 commits:
fixup changelog
bump version
Better handling of case-insensitive headers for `Rack::Etag` middleware. (#1919)
Add 'custom exception on params too deep error' change to CHANGELOG. (#1914)
Expect additional optional version segment in version test. (#1913)
Merge branch '2-2-sec' into 2-2-stable
update changelog
bump version
Escape untrusted text when logging
Restrict broken mime parsing
Ensure Rack::QueryParser::ParamsTooDeepError is inherited from RangeError. (#1864)
Add Ruby 2.3 compatibility for tests, add Ruby 2.3 to CI. (#1863)
Merge pull request #1839 from RubyElders/2-2-stable-ci
Replace CircleCI with GitHub Actions.
Newer rubies spec compatibility.
Merge pull request #1838 from RubyElders/custom-range-exception-2-2
Use custom exception on params too deep error.
Don't ary.inspect in the lint assertions (backport) (#1765)
Commits
See the full diff on Github. The new version differs by 64 commits:
Bump version to 2.0.2
Merge pull request #134 from magni-/pp/ruby-3.2-fix
Don't call #=~ on objects that don't respond to it
Update Node.parse parameter definition to work in Ruby 3.2
Test on Ruby@head as well
Bump version to 2.0.1
Merge pull request #129 from dentarg/improve-ci
Test with Ruby 2.2 to 2.5
Allow JRuby to fail, as it isn't supported yet
Bump actions/checkout
Set a resonable timeout for CI
Run CI on all branches
Remove superfluous comments
Merge pull request #132 from eregon/ci-no-fail-fast
Only use coverage on CRuby
Do not cancel other CI jobs when one fails
Merge pull request #131 from eregon/truffleruby-ci
Merge pull request #130 from eregon/fix-ruby2_keywords-usage
Fix usage of PP in tests
Add TruffleRuby in CI
Fix usage of ruby2_keywords, only use it for blocks which delegate
Bump version to 2.0
Merge pull request #127 from sinatra/fix-circular-dependency
Fix circular dependency warning
Merge pull request #126 from sinatra/ruby3-support
Update code climate badge
Fix issue with Ruby 3 keyword arguments
Merge pull request #116 from epergo/ep/remove-sinatra-extension
Merge pull request #120 from olleolleolle/patch-2
Merge pull request #121 from olleolleolle/patch-3
Merge pull request #123 from mishina2228/show-ci-results
Bump version to v1.1.2
Pin simplecov to ~> 0.17.0
Add jruby 9.3 to CI
Merge pull request #119 from olleolleolle/patch-1
Merge pull request #124 from mishina2228/update-document-for-edge-version
Update doc for using the edge version [ci skip]
Remove `--tty` option to show test results
Merge pull request #122 from michal-granec/handle-frozen-string-literal
Use String.new instead of quotes #110
Drop "executables" directive from mustermann
Drop "executables" directive from gemspec
CI: Add Ruby 3.1 to build matrix
Remove extension for Sinatra
update build status badge
Merge pull request #117 from namusyaka/actions
delete .travis.yml
switch ci from travis to GitHub Actions
Merge pull request #111 from olleolleolle/patch-1
Merge pull request #113 from olleolleolle/patch-3
Merge pull request #112 from olleolleolle/patch-2
Merge pull request #115 from epergo/ep/remove-redcarpet-dependency
Remove redcarpet dependency as it not being used
CI: Drop EOL'd Ruby versions
CI: Allow 3.0&JRuby to fail, shorthand Ruby names
CI: Update patch versions of Ruby in the matrix
Avoid "deprecated Object#=~ is called on Integer"
CI: sudo: false is a noop, now
Merge pull request #109 from nateberkopec/patch-1
Update/reword Ruby version support
Merge pull request #108 from olleolleolle/patch-1
README: Drop defunct badge for gemnasium
YARD: avoid redundant @see braces
Update mustermann.rb
Release Notes
2.2.3 (from changelog)
2.2.2 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.0.11 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 23 commits:
v2.0.11
Update CHANGELOG
GitHub Workflow: Be consistent in variable formatting
GitHub Workflow: Add title for the different variations
Work around heredoc line number bug in tests
Gemfile: Only load one of RDiscount and BlueCloth
Gemfile: Remove support for 1.9
WikiCloth: Use rinku for auto-linking in tests
Pandoc: Make footnote test less specific
Pandoc: Handle the new way of specifying smartypants
CommonMarker: Remove test for options
AsciiDoctor: Remove test for deprecated docbook45
Initial GitHub Actions support
Update .travis.yml
Sass: Support sass-embedded gem
Add Tilt::EmacsOrg support
Allow all options available in CommonMarker
Fix Ruby 3.0 compatibility.
GitHub is HTTPS by default
Update .travis.yml
Fix markdown documentation 404
Fix #extensions_for for RedcarpetTemplate
Handle rendering BasicObject instances
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands