-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create SECURITY.md #131
Closed
Closed
Create SECURITY.md #131
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 29, 2024
Changes in 2.2.5 #117: Document that empty for Concurrently waits forever #120: Add ConcurrentlyE. #123: Fix failing concurrentlyE tests in older GHCs. #124: Allow hashable 1.4 #126: Semigroup and Monoid instances for ConcurrentlyE #120: Add ConcurrentlyE #138: expose internals as Control.Concurrent.Async.Internal #131: Fix typos in docs #132: waitAny(Catch): clarify non-empty input list requirement #142: Add cancelMany #135, #145, #150: Support for GHC 9.4, 9.6, 9.8 Document that empty for Concurrently waits forever.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Apr 30, 2024
v20.4.0 ======= Features -------- - Replace deprecated ssl.wrap_socket with SSLContext.wrap_socket and update examples in connection.py docs. (#216) v20.3.1 ======= No significant changes. v20.3.0 ======= Features -------- - Added support for SASL login. (#195) Bugfixes -------- - Better handling of escape sequences in message tags. (#205) v20.2.0 ======= Features -------- - Require Python 3.8 or later. v20.1.1 ======= * #213: Pinned against jaraco.text 3.10 due to change in interface. v20.1.0 ======= * #196: In irc.bot, avoid hanging idle when the first connection attempt fails. v20.0.0 ======= * ``SingleServerIRCBot`` no longer accepts ``reconnection_interval`` as a parameter. * Added server support for NOTICE commands. * Require Python 3.7 or later. v19.0.1 ======= * #176: Fix issues with version number reporting. Restored version version number reporting in bot and client. v19.0.0 ======= * ``irc.client`` no longer exposes a ``VERSION`` or ``VERSION_STRING``. To get the version, call ``importlib.metadata.version('irc')`` directly. v18.0.0 ======= * Require Python 3.6 or later. 17.1 ==== * Rely on `importlib_metadata <https://pypi.org/project/importlib_metadata/>`_ for loading version from metadata. Removes implicit dependency on setuptools and pkg_resources. * #158: The AsyncIO server now accepts a connection factory to enable features like SSL and IPv6 support. * #155: ``SimpleIRCClient`` now has a ``dcc`` method for initiating and associating a DCCConnection object with the client. ``DCCConnection.listen`` now accepts a ``address`` parameter. Deprecated ``SimpleIRCClient.dcc_listen`` and ``SimpleIRCClient.dcc_connect`` in favor of the better separation of concerns. Clients should replace:: client.dcc_connect(addr, port, type) client.dcc_listen(type) with:: client.dcc(type).connect(addr, port) client.dcc(type).listen() 17.0 ==== * Removed ``irc.buffer`` module, deprecated in 14.2. * #153: Drop support for Python 3.3 and 2.7. 16.4 ==== * Long Term Service release for Python 2.7. * #149: ``AioConnection.connect`` moved to coroutine, added disconnect handling for AsyncIO. 16.3 ==== * #140: Methods now use 'connection' and 'event' for parameter names. * #135 via #144: Added AsyncIO implementation. 16.2.1 ====== * Package refresh and cleanup. 16.2 ==== * #133: In ``irc.server``, add support for ISON. 16.1 ==== * #131: Add ``Connection.encode`` and ``Connection.transmit_encoding`` to enable encodings other than UTF-8 to be used when transmitting text. 16.0 ==== * Removed deprecated ``execute_*`` methods on ``Connection`` and ``Reactor`` as introduced in 15.0. * Fixed link in README. 15.1.1 ====== * New ``send_items`` method takes star args for simplicity in the syntax and usage. 15.1 ==== * Introduce ``ServerConnection.send_items``, consolidating common behavior across many methods previously calling ``send_raw``. 15.0.6 ====== * Now publish `documentation <https://python-irc.readthedocs.io/>`_ to Read The Docs. 15.0.5 ====== * #119: Handle broken pipe exception in IRCClient _send() (server.py). 15.0.4 ====== * #116: Correct invocation of execute_every. 15.0.3 ====== * #115: Fix AttributeError in ``execute_at`` in scheduling support. 15.0.2 ====== * #113: Use preferred scheduler in the bot implementation. 15.0.1 ====== * Deprecated calls to Connection.execute_* and Reactor.execute_*. Instead, call the equivalently-named methods on the reactor's scheduler. 15.0 ==== * The event scheduling functionality has been decoupled from the client.Reactor object. Now the reactor will construct a Scheduler from the scheduler_class property, which must be an instance of irc.schedule.IScheduler. The ``_on_schedule`` parameter is no longer accepted to the Reactor class. Implementations requiring a signal during scheduling should hook into the ``add`` method of the relevant scheduler class. * Moved the underlying scheduler implementation to `tempora <https://pypi.org/project/tempora>`_, allowing it to be re-used for other purposes. 14.2.2 ====== * Issue #98: Add an ugly hack to force ``build_sphinx`` command to have the requisite libraries to build module documentation. 14.2.1 ====== * Issue #97: Restore ``irc.buffer`` module for compatibility. * Issue #95: Update docs to remove missing or deprecated modules. * Issue #96: Declare Gitter support as a badge in the docs. 14.2 ==== * Moved buffer module to `jaraco.stream <https://pypi.python.org/pypi/jaraco.stream>`_ for use in other packages. 14.1 ==== * ``SingleServerIRCBot`` now accepts a ``recon`` parameter implementing a ReconnectStrategy. The new default strategy is ExponentialBackoff, implementing an exponential backoff with jitter. The ``reconnection_interval`` parameter is now deprecated but retained for compatibility. To customize the minimum time before reconnect, create a custom ExponentialBackoff instance or create another ReconnectStrategy object and pass that as the ``recon`` parameter. The ``reconnection_interval`` parameter will be removed in future versions. * Issue #82: The ``ExponentialBackoff`` implementation now protects from multiple scheduled reconnects, avoiding the issue where reconnect attempts accumulate exponentially when the bot is immediately disconnected by the server. 14.0 ==== * Dropped deprecated constructor ``connection.Factory.from_legacy_params``. Use the natural constructor instead. * Issue #83: ``connection.Factory`` no longer attempts to bind before connect unless a bind address is specified. 13.3.1 ====== * Now remove mode for owners, halfops, and admins when the user is removed from a channel. * Refactored the Channel class implementation for cleaner, less repetitive code. * Expanded tests coverage for Channel class. 13.3 ==== * Issue #75: In ``irc.bot``, add support for tracking admin status (mode 'a') in channels. Use ``channel.is_admin`` or ``channel.admins`` to identify admin users for a channel. * Removed deprecated irc.logging module. 13.2 ==== * Moved hosting to github. 13.1.1 ====== * Issue #67: Fix infinite recursion for ``irc.strings.IRCFoldedCase`` and ``irc.strings.lower``. 13.1 ==== * Issue #64: ISUPPORT PREFIX now retains the order of permissions for each prefix. 13.0 ==== * Updated ``schedule`` module to properly support timezone aware times and use them by default. Clients that rely on the timezone naïve datetimes may restore the old behavior by overriding the ``schedule.now`` and ``schedule.from_timestamp`` functions like so: schedule.from_timestamp = datetime.datetime.fromtimestamp schedule.now = datetime.datetime.now Clients that were previously patching ``schedule.DelayedCommand.now`` will need to instead patch the aforementioned module-global methods. The classmethod technique was a poor interface for effectively controlling timezone awareness, so was likely unused. Please file a ticket with the project for support with your client as needed. 12.4.2 ====== * Bump to jaraco.functools 1.5 to throttler failures in Python 2. 12.4 ==== * Moved ``Throttler`` class to `jaraco.functools <https://bitbucket.org/jaraco/jaraco.functools>`_ 1.4. 12.3 ==== * Pull Request #33: Fix apparent escaping issue with IRCv3 tags. 12.2 ==== * Pull Request #32: Add numeric for WHOX reply. * Issue #62 and Pull Request #34: Add support for tags in message processing and ``Event`` class. 12.1.2 ====== * Issue #59: Fixed broken references to irc.client members. * Issue #60: Fix broken initialization of ``irc.server.IRCClient`` on Python 2. 12.1.1 ====== * Issue #57: Better handling of Python 3 in testbot.py script. 12.1 ==== * Remove changelog from package metadata. 12.0 ==== * Remove dependency on jaraco.util. Instead depend on surgical packages. * Deprecated ``irc.logging`` in favor of ``jaraco.logging``. * Dropped support for Python 3.2.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 1, 2024
0.4.3.5 #131 Add At and Ixed instance for HashSet.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 6, 2024
2024-05-05 -- 0.9.8 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Fixed: [CVE-2024-34402] Protect against integer overflow in ComposeQueryEngine (GitHub #183, GitHub #185) * Fixed: [CVE-2024-34403] Protect against integer overflow in ComposeQueryMallocExMm (GitHub #183, GitHub #186) >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Changed: Require CMake >=3.5.0 (GitHub #172) * Added: CMake option URIPARSER_SHARED_LIBS=(ON|OFF) to control, whether to produce a shared or static library for uriparser and that alone, falls back to standard BUILD_SHARED_LIBS if available, else defaults to "ON" (GitHub #169, GitHub #170) * Improved: Document that scheme-based normalization a la section 6.2.3 of RFC 3986 is a responsibility of the application using uriparser (GitHub #173, GitHub #174) * Improved: Document supported code points for functions uriEscape(Ex)W (GitHub #171, GitHub #175) * Infrastructure: Update Clang from 15 to 18 (GitHub #161, GitHub #187) * Infrastructure: Adapt to breaking changes in Clang packaging (GitHub #160) * Infrastructure: Get sanitizer CFLAGS and LDFLAGS back in sync (GitHub #161) * Infrastructure: Pin GitHub Actions to specific commits for security (GitHub #165) * Soname: 1:31:0 — see https://verbump.de/ for what these numbers do 2022-10-05 -- 0.9.7 * Fixed: Multiple issues with IPv6 and IPvFuture literal parsing (GitHub #146, GitHub #150) Thanks to Scallop Ye for the report and the pull request! * Fixed: Fix symbol visibility for -DBUILD_SHARED_LIBS=OFF (GitHub #139, GitHub #141); thanks to Mariusz Zaborski for the report! * Fixed: For MinGW, use size_t for inet_ntop declaration and fix macro checks for both MinGW and mingw-w64 (GitHub #131) * Fixed: Compiler warnings (GitHub #132, GitHub #152) * Improved: Use name UriConfig.h rather than generic config.h for the config header file to avoid name clashes and also include it through "UriConfig.h" with quotes rather than <UriConfig.h> so that it is found in quote path locations (GitHub #149) Thanks to Gaspard Petit for bringing this up! * Improved: Document need for UriConfig.h in UriMemory.c (GitHub #136) * Infrastructure: Add (support for) Visual Studio 17/2022 (GitHub #152) * Infrastructure: Drop (support for) Visual Studio <=14/2015 (GitHub #152) * Infrastructure: Update Clang from 13 to 15 (GitHub #143, GitHub #151) * Infrastructure: Make MinGW with 32bit Wine on Ubuntu 20.04 possible (GitHub #142, GitHub #144, GitHub #145) * Soname: 1:30:0 — see https://verbump.de/ for what these numbers do
netbsd-srcmastr
pushed a commit
that referenced
this pull request
May 9, 2024
This package hasn't been updated in a long time. The following list of changes was therefore curated to focus on features or recent bugfixes. Changes in 1.7.2: * Bug #899 Guided Remediation: Parse paths in npmrc auth fields correctly. * Bug #908 Fix rust call analysis by explicitly disabling stripping of debug info. * Bug #914 Fix regression for go call analysis introduced in 1.7.0. Changes in 1.7.0: * Feature #352 Guided Remediation Introducing our new experimental guided remediation feature on osv-scanner fix subcommand. * Feature #805 Include CVSS MaxSevirity in JSON output. Changes in 1.6.2: * Feature #694 OSV-Scanner now has subcommands! The base command has been moved to scan (currently the only commands is scan). By default if you do not pass in a command, scan will be used, so CLI remains backwards compatible. * Feature #776 Add pdm lockfile support. Changes in 1.6.0 and 1.6.1: * Feature #694 Add support for NuGet lock files version 2. * Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities. * Feature #702 Created an option to skip/disable upload to code scanning. * Feature #732 Add option to not fail on vulnerability being found for GitHub Actions. * Feature #729 Verify the spdx licenses passed in to the license allowlist. Changes in 1.5.0: * Feature #501 Add experimental license scanning support! * Feature #642 Support scanning renv files for the R language ecosystem. * Feature #513 Stabilize call analysis for Go * Feature #676 Simplify return codes: Return 0 if there are no findings or errors. Return 1 if there are any findings (license violations or vulnerabilities). Return 128 if no packages are found. * Feature #651 CVSS v4.0 support. * Feature #60 Pre-commit hook support. Changes in 1.4.3: * Feature #621 Add support for scanning vendored C/C++ files. * Feature #581 Scan submodules commit hashes. Changes in 1.4.1: * Feature #534 New SARIF format that separates out individual vulnerabilities * Experimental Feature #57 Experimental Github Action Changes in 1.4.0: * Feature #183 Add (experimental) offline mode * Feature #452 Add (experimental) rust call analysis, detect whether vulnerable functions are actually called in your Rust project * Feature #505 OSV-Scanner support custom lockfile formats Changes in 1.3.5: * Feature #409 Adds an additional column to the table output which shows the severity if available. Changes in 1.3.0: * Feature #198 GoVulnCheck integration! Try it out when scanning go code by adding the --experimental-call-analysis flag. * Feature #260 Support -r flag in requirements.txt files. * Feature #300 Make IgnoredVulns also ignore aliases. * Feature #304 OSV-Scanner now runs faster when there's multiple vulnerabilities. Changes in 1.2.0: * Feature #168 Support for scanning debian package status file, usually located in /var/lib/dpkg/status. Thanks @cmaritan * Feature #94 Specify what parser should be used in --lockfile. * Feature #158 Specify output format to use with the --format flag. * Feature #165 Respect .gitignore files by default when scanning. * Feature #156 Support markdown table output format. Thanks @deftdawg * Feature #59 Support conan.lock lockfiles and ecosystem Thanks @SSE4 * Updated documentation! Check it out here: https://google.github.io/osv-scanner/ Changes in 1.1.0: * Feature #98: Support for NuGet ecosystem. * Feature #71: Now supports Pipfile.lock scanning. * Bug #85: Even better support for narrow terminals by shortening osv.dev URLs. * Bug #105: Fix rare cases of too many open file handles. * Bug #131: Fix table highlighting overflow. * Bug #101: Now supports 32 bit systems. Tested on NetBSD/amd64.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jun 28, 2024
Changelog: ### GMime 3.2.15 * Fixed the g_mime_object_get_header API definition to note that it can return null * Fixed a memory leak in address_parse() (issue #159) * Added custom header folding logic for the Newsgroups: header (issue #162) * Fixed a configure issue regarding ac_cv_sys_file_offset_bits (issue #158) * Fixed an infinite loop in the Content-Type and Content-Disposition parameter serialization logic (issue #165) ### GMime 3.2.14 * Avoid clearing the header list of a GMimeMessage when adding addresses to an address header. (issue #129) * Added the internet_address_list_append_parse() prototype definition to internet-address.h. (issue #128) * Use gtk-doc ulink syntax in doc comments instead of `<a href=...>`. (issue #131) * Fixed rfc2047 token decoding logic for base64 encodings. (issue #133) * Properly handle GDateTime UTC offsets with non-zero seconds. (issue #134) * Improved introspection data for bindings such as Vala. * Improved address name quoting. * Added a GNotifyDestroy to the GMimeParserOptions callback. * Fixed the URL linkifier logic to properly handle links without a '/' before the query string. * Fixed the URL linkifier logic to handle domains that start with numbers. (issue #152) * Reverted base64 decoder optimizations from 3.2.10 and 3.2.11 to support chunked base64. (issue #150) ### GMime 3.2.13 * Optimized parsing of messages with lots of address headers. (issue #126) ### GMime 3.2.12 * Fixed a memory leak in g_mime_gpgme_get_decrypt_result(). * Updated vapigen.m4, introspection.m4, and gpgme.m4 to improve cross-platform builds. * Add and use ax_lib_socket_nsl.m4 so that systems that do not require linkage with libnsl are not forced to link with it unnecessesarily. * Changed the build system to no longer use dolt (which is obsolete). ### GMime 3.2.11 * Fixed a bug in the base64 decoder. D'oh! ### GMime 3.2.10 * Improved performance of base64 encoder by ~5%. * Improved performance of base64 decoder by ~25%. * Unref the autocrypt header after adding it to the list. (issue #118) * Work around a bug in g_time_zone_new_offset() by using identifiers instead. (issue #120) ### GMime 3.2.9 * g_mime_multipart_signed_verify() now allows type/subtype and type/x-subtype signature parts. (issue #115) * Fixed header folding logic to avoid folding the first line of a header value. (issue #112 and issue #113) * Fixed bugs discovered by static analysis. (issue #110) * Fixed GMimeStreamPipe to set errno to ESPIPE for seek/tell/length methods. * Fixed GMimeCertificates to prefer gpgme_user_id_t's address field over the email field. (issue #102) ### GMime 3.2.8 * Various fixes to Vala (and other?) language bindings. (issue #96 and issue #101) * Enabled build for PPC64LE architecture (issue #100) * Added g_mime_object_write_content_to_stream() (issue #97) * Fixed parameter list parsing logic to not report a warning when everything is valid. * Fixed the parser to handle MIME parts without headers -or- content of any kind.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Jul 30, 2024
Upstream changes: ## 2024 05 11 - The option --valign-signed-numbers, or -vsn is now the default. It was introduced in the previous release has been found to significantly improve the overall appearance of columns of signed and unsigned numbers. See the previous Change Log entry for an example. This will change the formatting in scripts with columns of vertically aligned signed and unsigned numbers. Use -nvsn to turn this option off and avoid this change. - Previously, a line break was made before a short concatenated terminal quoted string, such as "\n", if the previous line had a greater starting indentation. The break is now placed after the short quote. This keeps code a little more compact. For example: # old rule: break before "\n" here because '$name' has more indentation: my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var", $name, "remove", "UNCHECKED" ) . "\n"; # new rule: break after a short terminal quote like "\n" for compactness; my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var", $name, "remove", "UNCHECKED" ) . "\n"; - The option --delete-repeated-commas is now the default. It makes the following checks and changes: - Repeated commas like ',,' are removed with a warning - Repeated fat commas like '=> =>' are removed with a warning - The combination '=>,' produces a warning but is not changed These warnings are only output if --warning-output, or -w, is set. Use --nodelete-repeated-commas, or -ndrc, to retain repeated commas. - The operator ``**=`` now has spaces on both sides by default. Previously, there was no space on the left. This change makes its spacing the same as all other assignment operators. The previous behavior can be obtained with the parameter setting -nwls='**='. - The option --file-size-order, or -fso is now the default. When perltidy is given a list of multiple filenames to process, they are sorted by size and processed in order of increasing size. This can significantly reduce memory usage by Perl. This option has always been used in testing, where typically several jobs each operating on thousands of filenames are running at the same time and competing for system resources. If this option is not wanted for some reason, it can be deactivated with -nfso. - In the option --dump-block-summary, the number of sub arguments indicated for each sub now includes any leading object variable passed with an arrow-operator call. Previously the count would have been decreased by one in this case. This change is needed for compatibility with future updates. - Fix issue git #138 involving -xlp (--extended-line-up-parentheses). When multiple-line quotes and regexes have long secondary lines, these line lengths could influencing some spacing and indentation, but they should not have since perltidy has no control over their indentation. This has been fixed. This will mainly influence code which uses -xlp and has long multi-line quotes. - Add option --minimize-continuation-indentation, -mci (see git #137). This flag allows perltidy to remove continuation indentation in some special cases where it is not really unnecessary. For a simple example, the default formatting for the following snippet is: # perltidy -nmci $self->blurt( "Error: No INPUT definition for type '$type', typekind '" . $type->xstype . "' found" ); The second and third lines are one level deep in a container, and are also statement continuations, so they get indented by the sum of the -i value and the -ci value. If this flag is set, the indentation is reduced by -ci spaces, giving # perltidy -mci $self->blurt( "Error: No INPUT definition for type '$type', typekind '" . $type->xstype . "' found" ); This situation is relatively rare except in code which has long quoted strings and the -nolq flag is also set. This flag is currently off by default, but it could become the default in a future version. - Add options --dump-mismatched-args (or -dma) and --warn-mismatched-arg (or -wma). These options look for and report instances where the number of args expected by a sub appear to differ from the number passed to the sub. The -dump version writes the results for a single file to standard output and exits: perltidy -dma somefile.pl >results.txt The -warn version formats as normal but reports any issues as warnings in the error file: perltidy -wma somefile.pl The -warn version may be customized with the following additional parameters if necessary to avoid needless warnings: --warn-mismatched-arg-types=s (or -wmat=s), --warn-mismatched-arg-exclusion-list=s (or -wmaxl=s), and --warn-mismatched-arg-undercount-cutoff=n (or -wmauc=n). --warn-mismatched-arg-overcount-cutoff=n (or -wmaoc=n). These are explained in the manual. - Add option --valign-wide-equals, or -vwe, for issue git #135. Setting this parameter causes the following assignment operators = **= += *= &= <<= &&= -= /= |= >>= ||= //= .= %= ^= x= to be aligned vertically with the ending = all aligned. For example, here is the default formatting of a snippet of code: $str .= SPACE x $total_pad_count; $str_len += $total_pad_count; $total_pad_count = 0; $str .= $rfields->[$j]; $str_len += $rfield_lengths->[$j]; And here is the same code formatted with -vwe: # perltidy -vwe $str .= SPACE x $total_pad_count; $str_len += $total_pad_count; $total_pad_count = 0; $str .= $rfields->[$j]; $str_len += $rfield_lengths->[$j]; This option currently is off by default to avoid changing existing formatting. - Added control --delete-interbracket-arrows, or -dia, to delete optional hash ref and array ref arrows between brackets as in the following expression (see git #131) return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'}; # perltidy -dia gives: return $self->{'commandline'}{'arg_list'}[0][0]{'hostgroups'}; Added the opposite control --aia-interbracket-arrows, or -aia, to add arrows. So applied to the previous line the arrows are restored: # perltidy -aia return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'}; The manual describes additional controls for adding and deleting just selected interbracket arrows.
netbsd-srcmastr
pushed a commit
that referenced
this pull request
Oct 21, 2024
1.8.2 (2024-09-24) What's Changed * Drop commented-out line by @olleolleolle in #108 * Add Ruby 3.1 & 3.2 to CI matrix by @tricknotes in #109 * Fix/redos by @ooooooo-q in #114 * Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @jeremyevans in #120 * Bump actions/checkout from 3 to 4 by @dependabot in #121 * Improve CI by @hsbt in #123 * Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @KJTsanaktsidis in #128 * Fix bug chunk extension detection by @jeremyevans in #125 * Fix CI. by @ioquatix in #131 * Merge multiple cookie headers, preserving semantic correctness. by @ioquatix in #130 * Test on macos-latest by @byroot in #132 * Require CRLF line endings in request line and headers by @jeremyevans in #138 * Prefer squigly heredocs. by @ioquatix in #143 * Only strip space and horizontal tab in headers by @jeremyevans in #141 * Treat missing CRLF separator after headers as an EOFError by @jeremyevans in #142 * Return 400 response for chunked requests with unexpected data after chunk by @jeremyevans in #136 * Fix reference to URI::REGEXP::PATTERN::HOST by @casperisfine in #144 * Prevent request smuggling by @jeremyevans in #146 New Contributors * @tricknotes made their first contribution in #109 * @ooooooo-q made their first contribution in #114 * @KJTsanaktsidis made their first contribution in #128 * @byroot made their first contribution in #132 * @casperisfine made their first contribution in #144
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.