civic-server
Backend Server for CIViC Project
Bumps [omniauth](https://github.com/omniauth/omniauth), [rack-cors](https://github.com/cyu/rack-cors), [rack-attack](https://github.com/rack/rack-attack), [sidekiq](https://github.com/sidekiq/sidekiq), [rails](https://github.com/rails/rails), [activeadmin](https://github.com/activeadmin/activeadmin) and [omniauth-github](https://github.com/intridea/omniauth-github). These dependencies needed to be updated together. Updates `omniauth` from 1.9.2 to 2.1.1 Release notes Sourced from omniauth's releases. v2.1.0 This...
Bumps [sanitize](https://github.com/rgrove/sanitize) from 5.2.1 to 6.0.1. Release notes Sourced from sanitize's releases. v6.0.1 Bug Fixes Sanitize now always removes `<noscript>` elements and their contents, even when `noscript` is in the...
Bumps [globalid](https://github.com/rails/globalid) from 0.4.2 to 1.0.1. Release notes Sourced from globalid's releases. v1.0.1 Possible ReDoS based DoS vulnerability in GlobalID There is a ReDoS based DoS vulnerability in the GlobalID...
Bumps [rack](https://github.com/rack/rack) from 2.2.4 to 2.2.6.2. Changelog Sourced from rack's changelog. Changelog All notable changes to this project will be documented in this file. For info on how to format...
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.3.0 to 1.4.4. Release notes Sourced from rails-html-sanitizer's releases. 1.4.4 / 2022-12-13 Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer. Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for...
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.10.0 to 2.19.1. Release notes Sourced from loofah's releases. 2.19.1 / 2022-12-13 Security Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information. Address CVE-2022-23515, improper...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.9 to 1.13.10. Release notes Sourced from nokogiri's releases. 1.13.10 / 2022-12-07 Security [CRuby] Address CVE-2022-23476, unchecked return value from xmlTextReaderExpand. See GHSA-qv4q-mr5r-qprj for more information. Improvements...
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.9 to 1.2.10. Release notes Sourced from tzinfo's releases. v1.2.10 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when...
Bumps [diffy](https://github.com/samg/diffy) from 3.3.0 to 3.4.1. Changelog Sourced from diffy's changelog. == 3.4.1 == Prevent remote code execution from user controlled diff file paths. This issue was only present in...
Bumps [jmespath](https://github.com/trevorrowe/jmespath.rb) from 1.4.0 to 1.6.1. Release notes Sourced from jmespath's releases. Release v1.6.1 - 2022-03-07 Issue - Use JSON.parse instead of JSON.load. Release v1.6.0 - 2022-02-14 Feature - Add...