fu2

private community forum-like software

Results: 18 fu2 issues

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.0.3 to 2.19.1. Release notes Sourced from loofah's releases. 2.19.1 / 2022-12-13 Security Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information. Address CVE-2022-23515, improper...

dependencies
ruby

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.4.4. Release notes Sourced from rails-html-sanitizer's releases. 1.4.4 / 2022-12-13 Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer. Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for...

dependencies
ruby

Bumps [sinatra](https://github.com/sinatra/sinatra) from 1.0 to 3.0.4. Changelog Sourced from sinatra's changelog. 3.0.4 / 2022-11-25 Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai 3.0.3 / 2022-11-11 Fix: fixed...

dependencies
ruby

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.6.7.2 to 1.13.9. Release notes Sourced from nokogiri's releases. 1.13.9 / 2022-10-18 Security [CRuby] Vendored libxml2 is updated to address CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for...

dependencies
ruby

Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.4.0 to 2.8.1. Changelog Sourced from addressable's changelog. Addressable 2.8.1 refactor Addressable::URI.normalize_path to address linter offenses (#430) remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438) update gemspec to...

dependencies
ruby

Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.2 to 1.2.10. Release notes Sourced from tzinfo's releases. v1.2.10 Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when...

dependencies
ruby

Bumps [i18n](https://github.com/ruby-i18n/i18n) from 0.7.0 to 0.9.5. Release notes Sourced from i18n's releases. v0.9.5 #404 reported a regression in 0.9.3, which wasn't fixed by 0.9.4. #408 fixes this issue. Thanks @wjordan!...

dependencies
ruby

Bumps [carrierwave](https://github.com/carrierwaveuploader/carrierwave) from 0.11.2 to 1.3.2. Changelog Sourced from carrierwave's changelog. 1.3.2 - 2021-02-08 Fixed Fix Ruby 2.7 deprecations(@aubinlrx #2462) Security Fix Code Injection vulnerability in CarrierWave::RMagick (@mshibuya eb9346df, GHSA-cf3w-g86h-35x4)...

dependencies

Bumps [json](https://github.com/flori/json) from 1.8.3 to 2.3.0. Changelog Sourced from json's changelog. 2019-12-11 (2.3.0) Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains...

dependencies

Bumps [rack](https://github.com/rack/rack) from 2.0.0.rc1 to 2.2.3. Changelog Sourced from rack's changelog. Changelog All notable changes to this project will be documented in this file. For info on how to format...

dependencies