rapidfire-app
rapidfire-app copied to clipboard
codemancers
Rails app for managing surveys
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.5 to 1.2.10. Release notes Sourced from tzinfo's releases. v1.2.10 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [terser](https://github.com/terser/terser) from 4.2.1 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) v4.8.0 Support for numeric separators (million...
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.2.0 to 1.4.3. Release notes Sourced from rails-html-sanitizer's releases. 1.4.3 / 2022-06-09 Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. Prevent the combination of select...
Bumps [eventsource](https://github.com/EventSource/eventsource) from 1.0.7 to 1.1.1. Changelog Sourced from eventsource's changelog. 1.1.1 Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal) 1.1.0 Improve performance...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.8 to 1.13.6. Release notes Sourced from nokogiri's releases. 1.13.6 / 2022-05-08 Security [CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to...
Bumps [puma](https://github.com/puma/puma) from 3.12.4 to 4.3.12. Release notes Sourced from puma's releases. 4.3.12 Security Close several HTTP Request Smuggling exploits (CVE-2022-24790) 4.3.11 Bugfix/Security Response body will always be closed. (GHSA-rmj8-8hhh-gv5h,...
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.10. Commits 8cd4c6c 1.5.10 ce7a01f [fix] Improve handling of empty port 0071490 [doc] Update JSDoc comment a7044e3 [minor] Use more descriptive variable name d547792 [security]...
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.8.1 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.6. Release notes Sourced from ajv's releases. v6.12.6 Fix performance issue of "url" format. v6.12.5 Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...