🚨 [security] Update rexml 3.3.2 → 3.3.4 (patch) #39
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@            Coverage Diff            @@
##              main       #39   +/-   ##
=========================================
  Coverage   100.00%   100.00%
=========================================
  Files           16        16
  Lines          362       362
=========================================
  Hits           362       362
☔ View full report in Codecov by Sentry.
@depfu merge
392a1a1 to 80ba0a9
Quality Gate passed
Sorry, but Depfu wasn't able to merge this PR. An error has been logged and we'll take a look at it.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Security Advisories 🚨
🚨 REXML DoS vulnerability
🚨 REXML DoS vulnerability
Release Notes
3.3.4
3.3.3
Does any of this look wrong? Please let us know.
Commits
See the full diff on GitHub. The new version differs by 24 commits:
Add 3.3.4 entry
Add missing rexml/security require in rexml/parsers/baseparser.rb (#189)
Bump version
Add 3.3.3 entry
test: add a performance test for attribute list declaration
test: fix wrong test name
test: use double quote for string literal
test: don't use abbreviated name
test: add a performance test for PI with many tabs
parse pi: improve invalid case detection
test: fix a typo
test: use double quote for string literal
test: add performance tests for entity declaration
test: use double quote for string literal
test: add a performance test for %...; in document declaration
test: use double quote for string literal
test: fix location
Fix source.match performance without specifying term string (#186)
Add support for XML entity expansion limitation in SAX and pull parsers (#187)
Add more invalid test cases for parsing entity declaration (#183)
Add support for detecting invalid XML that has unsupported content before root element (#184)
Fix method scope in test in order to invoke the tests properly and fix exception message (#182)
Add missing references in 3.3.2 entry
Bump version
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.