Automated Bundle Update #8
Conversation
| @@ -13,9 +13,9 @@ GEM | |||
| execjs | |||
| coffee-script-source (1.11.1) | |||
| colorator (1.1.0) | |||
| commonmarker (0.17.11) | |||
| commonmarker (0.17.13) | |||
There was a problem hiding this comment.
commonmarker
Patch version upgrade 📈🔹 0.17.11 → 0.17.13
[change-log, source-code]
Commits
A change of 6 commits. See the full changes on the compare page.
These are the individual commits:
- (a922188) grab header/define fixes (#76)
- (daca2e2) Update cmark-upstream to https://github.com/github/cmark/com…
- (3d0dae3) Merge pull request #78 from gjtorikian/bump-cmark-upstream
- (d078e5e) 💎 bump to 0.17.12
- (ea55a21) bump to cmark-gfm 0.28.3.gfm.16 (#79)
- (c909c38) 💎 bump to 0.17.13
| ruby-enum (~> 0.5) | ||
| concurrent-ruby (1.0.5) | ||
| concurrent-ruby (1.1.4) |
There was a problem hiding this comment.
concurrent-ruby
Minor version upgrade 📈🔶 1.0.5 → 1.1.4
[change-log, source-code]
Commits
A change of 286 commits. See the full changes on the compare page.
These are the first 10 commits:
- (ce45053) Examples: Try to make sentence read clearer
- (b6c648c) Misspellings
- (d3ce358) Merge pull request #673 from olleolleolle/patch-3
- (f75d5b2) Merge branch 'master' into fix/misspellings
- (01f5397) RSpec - avoid monkey patching
- (bb087da) bumping ruby version on travis yaml file
- (cf1e262) Actor spec: avoid RSpec warnings
- (7f84d02) fixed_thread_pool_spec.rb: Avoid RSpec warning
- (c37e70f) Fix issue in test: raise_error had hidden an error
- (a052e7c) Dataflow spec: avoid RSpec warning
| @@ -25,20 +25,20 @@ GEM | |||
| ffi (>= 1.3.0) | |||
| eventmachine (1.2.7) | |||
| execjs (2.7.0) | |||
| faraday (0.15.2) | |||
| faraday (0.15.4) | |||
There was a problem hiding this comment.
faraday
Patch version upgrade 📈🔹 0.15.2 → 0.15.4
[change-log, source-code]
Commits
A change of 8 commits. See the full changes on the compare page.
These are the individual commits:
- (f08a985) Make Faraday::Request serialisable with Marshal. (#803)
- (f26a8d6) Add DEFAULT_EXCEPTIONS constant to Request::Retry (#814)
- (9478d59) ISSUE_TEMPLATE: Fix a typo (#820)
- (e306bd6) Add support for Ruby 2.6 Net::HTTP write_timeout (#824)
- (81274c9) Version bump to 0.15.3
- (88de44e) Fix label name for contributing
- (f18a248) Expose
pool_sizeas a option for the NetHttpPersistent ada… - (1db9340) Version bump to 0.15.4
| multipart-post (>= 1.2, < 3) | ||
| ffi (1.9.25) | ||
| forwardable-extended (2.6.0) | ||
| gemoji (3.0.0) | ||
| github-pages (191) | ||
| github-pages (193) |
There was a problem hiding this comment.
github-pages
Major version upgrade 📈❗ 191 → 193
[change-log, source-code]
Commits
A change of 13 commits. See the full changes on the compare page.
These are the first 10 commits:
- (0646fcf) Update to Ruby 2.5.1
- (a767577) Upgrade to Ruby 2.5.1
- (dd5106e) Merge pull request #585 from github/ruby-2-5-1
- (2c04603) Bump jekyll 💎 to v3.7.4
- (73500ed) Merge pull request #590 from github/jekyll-v3-7-4
- (5bc41a9) Bump 💎 to v192
- (efa782b) Update jekyll-feed to version 0.11.0
- (19ab693) Ruby 2.5.3
- (454067a) Update Dockerfile to use Ruby 2.5.3
- (8b199c1) Merge pull request #594 from github/ruby-2-5-3
| @@ -81,13 +81,13 @@ GEM | |||
| octokit (~> 4.0) | |||
| public_suffix (~> 2.0) | |||
| typhoeus (~> 1.3) | |||
| html-pipeline (2.8.4) | |||
| html-pipeline (2.9.1) | |||
There was a problem hiding this comment.
html-pipeline
Minor version upgrade 📈🔶 2.8.4 → 2.9.1
[change-log, source-code]
Commits
A change of 8 commits. See the full changes on the compare page.
These are the individual commits:
- (dad664a) Add irc and ircs URL support
- (4385a51) Fix one more missing freeze
- (642e922) Merge pull request #300 from stanhu/sh-fix-one-more-freeze
- (92fce0d) Adds
UNSAFEoption to CommonMarker usage where needed - (e273878) Merge pull request #304 from jetpackworkflow/allow_commonmar…
- (f48c733) 💎 bump to 2.9.0
- (1031d93) Merge pull request #191 from frozencemetery/irc_urls
- (75516df) 💎 bump to 2.9.1
| activesupport (>= 2) | ||
| nokogiri (>= 1.4) | ||
| http_parser.rb (0.6.0) | ||
| i18n (0.9.5) | ||
| concurrent-ruby (~> 1.0) | ||
| jekyll (3.7.3) | ||
| jekyll (3.7.4) |
There was a problem hiding this comment.
jekyll
Patch version upgrade 📈🔹 3.7.3 → 3.7.4
[change-log, source-code]
Commits
A change of 10 commits. See the full changes on the compare page.
These are the individual commits:
- (2a679e7) Add failing tests for symlink check.
- (a8b91de) EntryFilter#filter: reject all symlinks, even if included
- (2c088e2) Update tests for EntryFilter#filter fix and add comments for…
- (35219a8) Fix fmt errors.
- (f5cd15c) Run this branch.
- (7f1faea) LayoutReader: skip tests if Windows
- (2025d12) Revert "Run this branch."
- (4108ddb) Merge pull request #7224 from jekyll/3.7-entryfilter-symlink…
- (bd70949) Release 💎 v3.7.4
- (07561b3) Release 💎 3.7.4
| @@ -114,7 +114,7 @@ GEM | |||
| rouge (~> 2) | |||
| jekyll-default-layout (0.1.4) | |||
| jekyll (~> 3.0) | |||
| jekyll-feed (0.10.0) | |||
| jekyll-feed (0.11.0) | |||
There was a problem hiding this comment.
jekyll-feed
Minor version upgrade 📈🔶 0.10.0 → 0.11.0
[change-log, source-code]
Commits
A change of 11 commits. See the full changes on the compare page.
These are the first 10 commits:
- (c4872ff) Require Ruby 2.3 (#222)
- (bdd6f1b) Update history to reflect merge of #222 [ci skip]
- (3b71b7e) Rubocop ~> 0.57.2
- (b85ef9a) Categories and collections (#228)
- (bf0b9c5) Update history to reflect merge of #228 [ci skip]
- (b5c5d7f) Remove check for older version of Jekyll (#234)
- (294b131) Update history to reflect merge of #234 [ci skip]
- (2a82f18) Refactor to remove redundant calls and variables (#240)
- (098c741) Update history to reflect merge of #240 [ci skip]
- (e255f2d) Release 💎 0.11 (#241)
| @@ -185,7 +185,7 @@ GEM | |||
| jekyll-seo-tag (~> 2.0) | |||
| jekyll-titles-from-headings (0.5.1) | |||
| jekyll (~> 3.3) | |||
| jekyll-watch (2.0.0) | |||
| jekyll-watch (2.1.2) | |||
There was a problem hiding this comment.
jekyll-watch
Minor version upgrade 📈🔶 2.0.0 → 2.1.2
[change-log, source-code]
Commits
A change of 26 commits. See the full changes on the compare page.
These are the first 10 commits:
- (270833b) Update History.markdown
- (f4cec8f) Update Copyright notice
- (9faa43b) Merge pull request #60 from jekyll/copyright-notice
- (bc4f3ef) Update LICENSE.txt
- (431c45f) Test against Ruby 2.5 (#62)
- (45fb7fd) Update history to reflect merge of #62 [ci skip]
- (b21b016) Use Rubocop w/ config inherited from Jekyll-3.8.0
- (ceefaea) Fix failing Travis build on Ruby 2.5
- (1cce1d0) Merge pull request #66 from ashmaroli/bump-rubocop
- (9dfae4f) Merge pull request #67 from ashmaroli/travis-ruby-25
| @@ -198,30 +198,30 @@ GEM | |||
| rb-inotify (~> 0.9, >= 0.9.7) | |||
| ruby_dep (~> 1.2) | |||
| mercenary (0.3.6) | |||
| mini_portile2 (2.3.0) | |||
| mini_portile2 (2.4.0) | |||
There was a problem hiding this comment.
mini_portile2
Minor version upgrade 📈🔶 2.3.0 → 2.4.0
[change-log, source-code]
Commits
A change of 10 commits. See the full changes on the compare page.
These are the individual commits:
- (4fef7ad) convert to using windows-ruby-dev-tools-release
- (f0f6b7d) concourse: test most-recent two rubies
- (82af422) update test:examples to libiconv 1.15
- (a9fd589) Skip progress report when Content-Length is unavailable
- (ede15b9) Make version in changelog fit release version.
- (51f5ac4) Merge pull request #87 from halfbyte/patch-1
- (ce0e270) Merge pull request #86 from eagletmt/skip-progress-when-chun…
- (9e699c6) update dev dependencies
- (2499fcb) update CHANGELOG in preparation for v2.4.0
- (cf441e5) version bump to v2.4.0
| nokogiri (1.8.4) | ||
| mini_portile2 (~> 2.3.0) | ||
| octokit (4.10.0) | ||
| nokogiri (1.9.1) |
There was a problem hiding this comment.
nokogiri
Minor version upgrade 📈🔶 1.8.4 → 1.9.1
[change-log, source-code]
🎉 Patched vulnerabilities:
-
CVE-2018-14404
Nokogiri gem, via libxml2, is affected by multiple vulnerabilitiesURL: Investigate Ubuntu libxml2 patches in USN-3739-1 and USN-3739-2 sparklemotion/nokogiri#1785
Nokogiri 1.8.5 has been released. This is a security and bugfix release. It addresses two CVEs in upstream libxml2 rated as "medium" by Red Hat, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may want to check with your distro whether they've patched this (Canonical has patched Ubuntu packages). Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. Full details about the security update are available in Github Issue #1785. [#1785]: Investigate Ubuntu libxml2 patches in USN-3739-1 and USN-3739-2 sparklemotion/nokogiri#1785 ----- [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in #1785. Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. ----- CVE-2018-14404 Permalink: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14404.html Description: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application Canonical rates this vulnerability as "Priority: Medium" ----- CVE-2018-14567 Permalink: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14567.html Description: infinite loop in LZMA decompression Canonical rates this vulnerability as "Priority: Medium"
Commits
A change of 92 commits. See the full changes on the compare page.
These are the first 10 commits:
- (91a63d5) add tests for pkg-config failure scenario
- (b3750eb) remove
-WextraCFLAG - (862b88f) changelog
- (c232226) changelog
- (5bff4bb) pull in upstream libxml2 patches
- (7b8cd0f) Merge pull request #1786 from sparklemotion/1785-canonical-u…
- (1697442) Allow reparenting nodes to be a child of an empty document.
- (7cc6cf6) Organize imports in XmlNode.java.
- (7feb4c1) Merge branch 'fix-1773'
- (712edef) update changelog
| octokit (4.10.0) | ||
| nokogiri (1.9.1) | ||
| mini_portile2 (~> 2.4.0) | ||
| octokit (4.13.0) |
There was a problem hiding this comment.
octokit
Minor version upgrade 📈🔶 4.10.0 → 4.13.0
[change-log, source-code]
Commits
A change of 93 commits. See the full changes on the compare page.
These are the first 10 commits:
- (0fc1f3f) Add support for Community Profile API
- (e2b6b38) Adds finders for app installations
- (a31a93c) Adds finders for app installations
- (45a9c05) Merge branch 'app-installation-finders' of github.com:codesh…
- (0a40fcd) Add in note about require
- (f5c5951) Tests for app installation finders
- (e5fa719) Remove the :name key from #add_team_repository request
- (3eb1e97) Merge pull request #1054 from BenEmdon/fix-add_team_reposito…
- (9a2c2a8) Use new app installation token endpoint
- (4f65885) Use a modern version of Bundler on Ruby 2.0.0 box
| sawyer (~> 0.8.0, >= 0.5.3) | ||
| pathutil (0.16.1) | ||
| pathutil (0.16.2) |
There was a problem hiding this comment.
pathutil
Patch version upgrade 📈🔹 0.16.1 → 0.16.2
[change-log, source-code]
Commits
A change of 8 commits. See the full changes on the compare page.
These are the individual commits:
- (5976f2a) Update the Gitignore.
- (ff19319) Fix deprecation with RubyGems.
- (e34c06f) Sync development files.
- (376ea32) Add Pathname.
- (4ec47fd) Update .travis.yml
- (372ef53) Fix Benchmarking.
- (99f3d30) Bring back Ruby 2.5 compatibility.
- (87ffd53) 📦 v0.16.2
| forwardable-extended (~> 2.6) | ||
| public_suffix (2.0.5) | ||
| rb-fsevent (0.10.3) | ||
| rb-inotify (0.9.10) | ||
| ffi (>= 0.5.0, < 2) | ||
| rb-inotify (0.10.0) |
There was a problem hiding this comment.
rb-inotify
Minor version upgrade 📈🔶 0.9.10 → 0.10.0
[change-log, source-code]
Commits
A change of 23 commits. See the full changes on the compare page.
These are the first 10 commits:
- (fe43f15) Fix skipped tests logic in Rakefile
- (dec229c) Add install test on Travis
- (e3f572c) Drop all unsupported ruby versions
- (20e1a1a) Try to run the guard specs too
- (0b211c8) Run listen specs as well
- (08364bc) Merge pull request #74 from matthewd/bump-ruby-more
- (8472924) Merge pull request #77 from matthewd/travis-guard
- (1c7bf20) Add some initial tests of the Notifier API
- (9586290) Use native ruby IO objects on JRuby too
- (08fe2db) Merge pull request #78 from matthewd/java-native
| rouge (2.2.1) | ||
| ruby-enum (0.7.2) | ||
| i18n | ||
| ruby_dep (1.5.0) | ||
| rubyzip (1.2.1) | ||
| rubyzip (1.2.2) |
There was a problem hiding this comment.
rubyzip
Patch version upgrade 📈🔹 1.2.1 → 1.2.2
[change-log, source-code]
🎉 Patched vulnerabilities:
-
CVE-2018-1000544
Directory Traversal in rubyzipURL: Several directory traversal vulnerabilities rubyzip/rubyzip#369
rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. If a site allows uploading of .zip files, an attacker can upload a malicious file which contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.
Commits
A change of 54 commits. See the full changes on the compare page.
These are the first 10 commits:
- (722ee6e) File.join() is our friend for joining paths
- (258ef02) Save temporary files to a temporary directory
- (d80e720) Add rubocop dependency and correct settings
- (9bfc52b) Disable Style/MutableConstant because existent code relies o…
- (cf91112) Apply automatic correction by rubocop
- (41fcf0a) Merge pull request #332 from aeroastro/feature/rubocop-updat…
- (fc83680) Merge pull request #321 from gaurish/patch-1
- (3c0de6c) Make naming on README more consistent
- (a9f020c) add option to force entry names encoding
- (deb6616) Merge branch 'master' into force-entry-names-encoding-option
| safe_yaml (1.0.4) | ||
| sass (3.5.7) | ||
| sass (3.7.2) |
There was a problem hiding this comment.
sass
Minor version upgrade 📈🔶 3.5.7 → 3.7.2
[change-log, source-code]
Commits
A change of 34 commits. See the full changes on the compare page.
These are the first 10 commits:
- (ad7760a) Add support for _index files (#2456)
- (4588331) Merge branch 'stable' into next
- (609183e) Merge branch 'stable' into next
- (c7a91e8) Merge branch 'stable' into next
- (8d70c2c) Merge branch 'stable' into next
- (4e2e1cd) Parse hex colors with alpha channels
- (987aa68) Remove tests that assumed four-digit hex colors were invalid
- (c75bb8d) Fetch the pull request number using @sassbot's credentials
- (d7d485e) Look for pull requests in the correct repository
- (06661cc) Merge pull request #67 from sass/alpha-hex
| @@ -232,7 +232,7 @@ GEM | |||
| terminal-table (1.8.0) | |||
| unicode-display_width (~> 1.1, >= 1.1.1) | |||
| thread_safe (0.3.6) | |||
| typhoeus (1.3.0) | |||
| typhoeus (1.3.1) | |||
There was a problem hiding this comment.
typhoeus
Patch version upgrade 📈🔹 1.3.0 → 1.3.1
[change-log, source-code]
Commits
A change of 28 commits. See the full changes on the compare page.
These are the first 10 commits:
- (5f57ac1) Add note to the readme about :abort stream feature
- (04253b1) Merge pull request #577 from jarthod/add-readme-notes-about-…
- (be62451) Add missing require for DelegateClass
- (8485e33) Merge pull request #588 from typhoeus/add-missing-require
- (44002e5) Check Responses Return code
- (e5d6a78) Take mocks into account
- (fa7691d) Merge pull request #591 from kwasimensah/patch-1
- (82fcec6) Docs - Update Request::Actions rdoc
- (fc089ea) Merge pull request #598 from theoretick/patch-1
- (c790ca0) add on_progress callback
Gems brought up-to-date with ❤️ by Unwrappr.
See individual annotations below for details.