Bump webrick from 1.8.1 to 1.8.2 by dependabot[bot] · Pull Request #1364 · GSA-TTS/identity-site

dependabot · 2024-10-11T19:57:08Z

Bumps webrick from 1.8.1 to 1.8.2.

Release notes

v1.8.2

What's Changed

Drop commented-out line by @olleolleolle in ruby/webrick#108

Add Ruby 3.1 & 3.2 to CI matrix by @tricknotes in ruby/webrick#109

Fix/redos by @ooooooo-q in ruby/webrick#114

Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @jeremyevans in ruby/webrick#120

Bump actions/checkout from 3 to 4 by @dependabot in ruby/webrick#121

Improve CI by @hsbt in ruby/webrick#123

Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @KJTsanaktsidis in ruby/webrick#128

Fix bug chunk extension detection by @jeremyevans in ruby/webrick#125

Fix CI. by @ioquatix in ruby/webrick#131

Merge multiple cookie headers, preserving semantic correctness. by @ioquatix in ruby/webrick#130

Test on macos-latest by @byroot in ruby/webrick#132

Require CRLF line endings in request line and headers by @jeremyevans in ruby/webrick#138

Prefer squigly heredocs. by @ioquatix in ruby/webrick#143

Only strip space and horizontal tab in headers by @jeremyevans in ruby/webrick#141

Treat missing CRLF separator after headers as an EOFError by @jeremyevans in ruby/webrick#142

Return 400 response for chunked requests with unexpected data after chunk by @jeremyevans in ruby/webrick#136

Fix reference to URI::REGEXP::PATTERN::HOST by @casperisfine in ruby/webrick#144

Prevent request smuggling by @jeremyevans in ruby/webrick#146

New Contributors

@tricknotes made their first contribution in ruby/webrick#109

@ooooooo-q made their first contribution in ruby/webrick#114

@KJTsanaktsidis made their first contribution in ruby/webrick#128

@byroot made their first contribution in ruby/webrick#132

@casperisfine made their first contribution in ruby/webrick#144

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

Commits

0fb9de6 Bump up v1.8.2
b9a4c81 Removed trailing spaces
f5faca9 Prevent request smuggling
0c600e1 Fix reference to URI::REGEXP::PATTERN::HOST
15a9391 Return 400 response for chunked requests with unexpected data after chunk
2b38d56 Treat missing CRLF separator after headers as an EOFError
e4efb4a Remove unnecessary gsub calls in test_httprequest.rb
426e214 Only strip space and horizontal tab in headers
e72cb69 Prefer squigly heredocs. (#143)
ee60354 Require CRLF line endings in request line and headers
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/ruby/webrick/releases) - [Commits](ruby/webrick@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: webrick dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/ruby/webrick/releases) - [Commits](ruby/webrick@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: webrick dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add program updates collection * Add program update admin config * Update Jekyll collection * Update Netlify config for program updates * Add program updates to partners header * Add scaffolding placeholder html * Add placeholder page * Temporarily modify config for testing * Update placeholder variables * Update index scaffold * Update entry scaffold * Update index style * Remove unnecessary param * Update index page * Update subtitle * Update description * Correct uploaded image path * Add preview field * Use preview field in template * Remove early figma draft * Update spacing * Add preview text var * Use preview var * Add preview component * Add vars from Jekyll * Change component preview * Automatically generated. Merged on Netlify CMS Force merge of: * "assets/img/450px.png" * "content/_program_updates/test-title-1.md" * Delete Program update “test-title-1” * LG-14223 | Use icon bullets on "Verify your phone number" page (#1329) * LG-14081: Add privacy translations (#1330) * Add translations for French, Spanish * Don't use import.meta.dirname in webpack.config.js (#1341) * Don't use import.meta.dirname Looks like `import.meta.dirname` was added in a point release in the Nodejs v20 series. We are requiring "20" as a version, so some compatible versions won't work without this. * Update variable name to appease linter * remove exclude_from_nav and sitemap flags (#1340) * Add State of Maryland (#1339) * LG-14540: Update press kit (#1338) * Add updated press kit * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/test-title-1.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/this-is-a-new-program-update-for-testing-purposes.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/this-is-a-new-program-update-for-testing-purposes.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/test-title-4444.md" * Delete Program update “test-title-1” * Delete Program update “test-title-4444” * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/re-run-circleci-tests.md" * Create Program update “gsa’s-login-gov-expands-services-into-states” (#1350) * Facilitate YML parsing of Time * Facilitate YML parsing of Time * Remove test entry * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/empowering-responsible-ai-the-ai-training-series-for-government-employees-is-currently-underway-read-all-about-it.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/esther-test.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/ponja-test-title.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "assets/img/screenshot-2024-10-23-at-11.12.48 am.png" * "content/_program_updates/ponjas-second-test.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "assets/img/unnamed-2-.png" * "assets/img/unnamed-3-.png" * "assets/img/unnamed.png" * "content/_program_updates/mobile-friendly-updates-to-identity-verification-workflow.md" * Delete Program update “mobile-friendly-updates-to-identity-verification-workflow” * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/bug-bash-test-netlify-to-support-program-updates-pages.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/mobile-friendly-updates-to-identity-verification-workflow.md" * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/test-blog-post.md" * Center images for program updates * Hide initial launch * Remove added content * Reset config * LG-14496: Chinese translation LQA fixes (#1342) * 311 webpage section 1 (1/2) * 311 webpage section 1 (2/2) * 311 webpage section 2 (1/3) * 311 webpage section 2 (2/3) * 311 webpage section 2 (3/3) * 311 webpage section 3 (1/1) * LG-14499: More Chinese translation LQA fixes (#1343) * Translation request 1 ("How to verify your identity" page) * Translation request 2 How to verify your identity & how to verify your phone number pages * Translation request 3 "Verify your address by mail" page * changelog: User-Facing Improvements, chinese translations, updating alt text for verify photos chinese (#1363) * LG-14190: Update contact us form topics (#1344) * Update contact us form topics * LG-13951 Increase dependency version of @18f/identity-address-search to 3.2.0 to show error message for PO Search (#1362) * Update version of @18f/identity-address-search * Installed v3.2.0 of address-search * Add translations for err msg * Reinstalled address-search with diff node ver * no change * LG-14634: Remove SBA references (#1371) * Remove SBA references * Bump webrick from 1.8.1 to 1.8.2 (#1364) Bumps [webrick](https://github.com/ruby/webrick) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/ruby/webrick/releases) - [Commits](ruby/webrick@v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: webrick dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump google-protobuf from 4.27.1 to 4.27.5 (#1334) Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.27.1 to 4.27.5. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/commits) --- updated-dependencies: - dependency-name: google-protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * LG-14643 | "Verify your address by mail" updates (#1369) * LG-13328: update translations for help center content (#1370) * feat: update quotes on es translations * feat: add non-breaking space to fr translations * feat: delete character from chinese translations * feat: add Find a Participating Post Office link for Chinese Translations * Add PSHB to agencies dropdown (#1377) Add PSHB to agencies dropdown * Bump rexml from 3.3.6 to 3.3.9 (#1378) Bumps [rexml](https://github.com/ruby/rexml) from 3.3.6 to 3.3.9. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.3.6...v3.3.9) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix redirected link for TOTP application (#1379) * Use CircleCI orbs to install Node.js and Node/Ruby dependencies (#1383) * Update email inputs (#1382) * LG-14888: Update Spanish strings for LQA feedback (#1384) * Add value FRB (#1386) * LG-14959: Cleanup contact form (#1385) * Cleanup contact form * Update content for Security Check Failed per LQA (Chinese) (#1387) * LG-14890: Update links on SAM.gov help center article (#1388) * Update UEID link * Update link "How do I become an entity administrator" * Update "How do I update/renew an entity administration" * Consolidate and update email links * LG-14909: Update partner FAQ (#1389) Update partner FAQ * LG-14908: Add partner assurance level (#1390) * Add partner assurance level page * Update content/_partners/determining-your-assurance-level._en.md Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com> * Change external link class --------- Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com> * Update readme to get mock data (#1392) * LG-13653: Contact report security issue (#1381) * Add "Report an Issue" to Contact Us page * Bump cross-spawn from 7.0.3 to 7.0.6 (#1393) Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6. - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](moxystudio/node-cross-spawn@v7.0.3...v7.0.6) --- updated-dependencies: - dependency-name: cross-spawn dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * LG-15038: Update partners "our services" page (#1394) * Add "our services" page to partners Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com> --------- Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com> * Revert "Reset config" This reverts commit 56d7af7. * Create Program update “lorem-ipsum-odor-amet-consectetuer-adipiscing-elit” (#1403) * Automatically generated. Merged on Netlify CMS Force merge of: * "content/_program_updates/gsa’s-bipartisan-infrastructure-law-projects-strengthen-safety-security-and-the-supply-chain-1.md" * LG-11857: add header post office search results (#1391) * feat: add resultsSectionHeading to post office search * feat: add latest version of address-search package * feat: add new results section heading content * Add Microsoft & SSA domains to external URL ignore (#1395) * Add apps.microsoft.com to external URL ignore * Ignore faq.ssa.gov external domain errors * LG-15062: Update TTS urls (#1399) Update TTS urls * LG-15065 Add new 'Issues with IPP' child page in Help Center (#1400) * New Issues with IPP child page * Update child order for chinese * change urls to be root relative * Change url to be root-relative and per language * add trailing slash in relative url * LG-15040: What is login (#1405) * Update "what is login" * add translations to issues with ipp (#1406) * Revert "Revert "Reset config"" This reverts commit bdc9e4e. * Remove test content * LG-15181: Update header on partners page (#1407) * Update header on "partners page" * Move "State and local" --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Matt Wagner <matt.wagner@gsa.gov> Co-authored-by: Matt Hinz <matt.hinz@gsa.gov> Co-authored-by: Kevin Masters <135744319+kevinsmaster5@users.noreply.github.com> Co-authored-by: Akhlaq Khan <akhlaqkhan@users.noreply.github.com> Co-authored-by: Esther Kim <163057060+esther2kim@users.noreply.github.com> Co-authored-by: PonjaHO <106832142+PonjaHO@users.noreply.github.com> Co-authored-by: allisonrosenberg <140114736+allisonrosenberg@users.noreply.github.com> Co-authored-by: A Shukla <abir.shukla@gsa.gov> Co-authored-by: Gina <125507397+gina-yamada@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: KeithNava <134446588+KeithNava@users.noreply.github.com> Co-authored-by: Moncef Belyamani <monfresh@users.noreply.github.com> Co-authored-by: Andrew Duthie <1779930+aduth@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Oct 11, 2024

zachmargolis approved these changes Oct 24, 2024

View reviewed changes

zachmargolis merged commit 649ab8d into main Oct 24, 2024

zachmargolis deleted the dependabot/bundler/webrick-1.8.2 branch October 24, 2024 16:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump webrick from 1.8.1 to 1.8.2#1364

Bump webrick from 1.8.1 to 1.8.2#1364
zachmargolis merged 1 commit intomainfrom
dependabot/bundler/webrick-1.8.2

dependabot bot commented on behalf of github Oct 11, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Oct 11, 2024

v1.8.2

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant