From 3f04fe4cb6710c4626ca9b1b40316056e15dcf1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Aug 2021 13:57:33 -0700
Subject: [PATCH] Bump addressable from 2.7.0 to 2.8.0 (#1517)
Summary:
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.
Changelog
Sourced from addressable's changelog.
Addressable 2.8.0
- fixes ReDoS vulnerability in Addressable::Template#match
- no longer replaces
+ with spaces in queries for non-http(s) schemes
- fixed encoding ipv6 literals
- the
:compacted flag for normalized_query now dedupes parameters
- fix broken
escape_component alias
- dropping support for Ruby 2.0 and 2.1
- adding Ruby 3.0 compatibility for development tasks
- drop support for
rack-mount and remove Addressable::Template#generate
- performance improvements
- switch CI/CD to GitHub Actions
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Instagram/IGListKit/network/alerts).
Pull Request resolved: https://github.com/Instagram/IGListKit/pull/1517
Reviewed By: candance
Differential Revision: D30253632
Pulled By: lorixx
fbshipit-source-id: 50c5c8fda7c38ec48249575a07c4dd005c4276cf
---
Gemfile.lock | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index d22f5412..e8212c3f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -7,7 +7,7 @@ GEM
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1)
- addressable (2.7.0)
+ addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
algoliasearch (1.27.1)
httpclient (~> 2.8, >= 2.8.3)
@@ -102,7 +102,7 @@ GEM
octokit (4.14.0)
sawyer (~> 0.8.0, >= 0.5.3)
open4 (1.3.4)
- public_suffix (4.0.1)
+ public_suffix (4.0.6)
racc (1.5.2)
rake (13.0.1)
rouge (2.0.7)