Heads up!
If you want to add your meta-extensions to the WHATWG Wiki and/or contribute, please read our README.md first!
Important update - Fixes several security issues
Our dependency Guzzle had several vulnerabilities classified as high severity, which had to be fixed by updating the dependency via Composer.
Please make sure you run `composer install` or `composer update`.
For more information on the vulnerabilities (CVEs are listed here) visit: https://vegc.net/vul_acknowledgements2022#2022
What's Changed
- Fixed Typos
- Fixed Cross-domain cookie leakage in Guzzle #43 / CVE-2022-29248
- Fixed Failure to strip Authorization header on HTTP downgrade in Guzzle / CVE-2022-31043
- Fixed Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle / CVE-2022-31042
- Bump knplabs/github-api from 3.5.1 to 3.6.0 by @dependabot in #40
- Bump actions/stale from 4 to 5 by @dependabot in #41
- Bump github/codeql-action from 1 to 2 by @dependabot in #42
- Bump knplabs/github-api from 3.6.0 to 3.7.0 by @dependabot in #45
Full Changelog: v2.3.4...v2.3.5
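The two header-stripping fixes listed above concern what an HTTP client forwards when it follows a redirect. The sketch below is an added example, not Guzzle's code and not part of this project; it shows the rule those fixes enforce: drop `Authorization` and `Cookie` when the redirect changes host or downgrades from HTTPS. The function names and the `example.test` URLs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration of the redirect rule; names here are hypothetical.
// Headers that carry credentials and must not cross a trust boundary.
const SENSITIVE_HEADERS = ['authorization', 'cookie'];

/** True when a redirect changes host or downgrades https to a non-https scheme. */
function crossesTrustBoundary(string $fromUrl, string $toUrl): bool
{
    $from = parse_url($fromUrl);
    $to = parse_url($toUrl);
    if ($from === false || $to === false
        || !isset($from['scheme'], $from['host'], $to['scheme'], $to['host'])) {
        return true; // unparseable or non-absolute URL: fail closed
    }
    $hostChanged = strcasecmp($from['host'], $to['host']) !== 0;
    $downgraded = strcasecmp($from['scheme'], 'https') === 0
        && strcasecmp($to['scheme'], 'https') !== 0;
    return $hostChanged || $downgraded;
}

/** Returns the headers that are safe to send to the redirect target. */
function headersForRedirect(array $headers, string $fromUrl, string $toUrl): array
{
    if (!crossesTrustBoundary($fromUrl, $toUrl)) {
        return $headers;
    }
    return array_filter(
        $headers,
        static fn ($name): bool => !in_array(strtolower((string) $name), SENSITIVE_HEADERS, true),
        ARRAY_FILTER_USE_KEY
    );
}

// Constructed sample request headers and redirect targets.
$headers = [
    'Authorization' => 'Bearer example-token',
    'Cookie' => 'sid=example',
    'Accept' => 'application/json',
];
$cases = [
    'same origin' => ['https://api.example.test/a', 'https://api.example.test/b'],
    'host change' => ['https://api.example.test/a', 'https://other.example.test/b'],
    'downgrade'   => ['https://api.example.test/a', 'http://api.example.test/b'],
];
foreach ($cases as $label => [$from, $to]) {
    $kept = array_keys(headersForRedirect($headers, $from, $to));
    printf("%-12s keeps: %s\n", $label, implode(', ', $kept));
}
```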