🚨 [security] Update better_errors: 2.5.1 → 2.9.1 (minor) #116
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ better_errors (2.5.1 → 2.9.1) · Repo · Changelog
Security Advisories 🚨
🚨 Older releases of better_errors open to Cross-Site Request Forgery attack
Release Notes
2.9.1
2.9.0
2.8.3
2.8.2
2.8.1
2.8.0
2.7.1
2.7.0
2.6.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
1.1.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 56 commits:
bump version
like this?
trying to fix tests for 1.9.3
add changelog
Merge pull request #246 from deivid-rodriguez/fix_rubygems_deprecation
Fix rubygems deprecation
don't load simplecov on Ruby 1.8.7
Merge branch 'extend-specs'
merge coverage
Merge pull request #243 from rubychan/extend-specs
add simple spec for CodeRay.scan
disable specs for Ruby 1.8.7
maybe like this?
reorder gems
also test with 2.7.0-preview3
also disable for Ruby 1.8.7
actually, we only need to disable SimpleCov
fix tests for Ruby 2.3
add spec for CodeRay.coderay_path
fix tests for Ruby Enterprise Edition?
add SimpleCov
still not loaded?
fix load path
run specs on rake test
add RSpec
enforce UselessAccessModifier
fix spaces around operators (RuboCop)
fix spaces in JSONEncoderTest
tunr off maintainability checks
enforce RuboCop version
tweaks to RuboCop config
enfore SpaceAroundOperators
try setting up code climate test coverage
Update README.markdown
not available on CodeClimate
start using RuboCop
reorder gems
fix heredoc indentation
remove .codeclimate.yml
add CodeClimate config
apparently, 1.8.7 fails on Travis?
update changelog
Merge branch 'master' of github.com:rubychan/coderay
Merge pull request #229 from dfa1/java10-support
remove defunct Gemnasium badge
add numeric to SQL types
Merge pull request #227 from junaruga/hotfix/not-reached-statement
Merge pull request #233 from junaruga/hotfix/ruby26-expression-enumerator
Add Ruby 2.6 fixing issues
support for special type 'var'
Remove the statement that is not always reached.
tweak list of rubies to test
test with ruby 2.5, too
trying to fix tests for Ruby 2.4
backport .gitignore from dsl branch
port a few tweaks from dsl branch
Release Notes
1.10.0 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 22 commits:
Bump version to 1.10.0
Enable branch coverage when testing
Move <% case above <%# and <%% cases as it is more common
Cover some rspace/lspace branches in CaptureEndEngine
Test <%= tailch rspace branch and src ending with newline branch
Remove unnecessary line
Remove unnecessary branch
Adjust nocov markings
Don't call add_text with nil
Fix regression where only first backslash/apostrophe was escaped
Improve template parsing, mostly by reducing allocations
Do not ship tests in the gem, reducing gem size about 20%
Start testing Ruby 2.7 on Travis
Update copyright year
Add nocov markers
Make spec_w task use warning gem instead of egrep for filtering
Improve rdoc formatting
Update CHANGELOG
Allow the literal prefix/postfix to be configured (Fixes #26, #27)
Refactor and simplify internals
Reduce memory usage when escaping text
Fix documentation of options bufval, bufvar in Erubi::Engine's initializer
Security Advisories 🚨
🚨 Percent-encoded cookies can be used to overwrite existing prefixed cookie names
🚨 Percent-encoded cookies can be used to overwrite existing prefixed cookie names
🚨 Directory traversal in Rack::Directory app bundled with Rack
🚨 Directory traversal in Rack::Directory app bundled with Rack
Release Notes
2.2.2 (from changelog)
2.2.1 (from changelog)
2.2.0 (from changelog)
2.1.2 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands