profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/vderyagin/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Victor Deryagin vderyagin Ternopil, Ukraine

TeachersPayTeachers/publicist 18

An elixir module to let you test private functions.

vderyagin/pomodoro.el 7

emacs lisp implementation of Pomodoro Technique

vderyagin/dotemacs 4

my GNU Emacs configuration files

vderyagin/color-theme-quiet-light 2

Light color theme for GNU Emacs

vderyagin/minimal-emacs-config 2

minimal GNU Emacs init file for use as system default editor

vderyagin/bin 1

A few custom scripts and wrappers from my ~/bin directory

vderyagin/projectur 1

zero configuration project management in GNU Emacs

vderyagin/absinthe 0

The GraphQL toolkit for Elixir

PR opened TeachersPayTeachers/braintree_ios

Bump rubyzip from 1.1.6 to 1.3.0

Bumps rubyzip from 1.1.6 to 1.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rubyzip/rubyzip/releases">rubyzip's releases</a>.</em></p> <blockquote> <h2>v1.3.0</h2> <p>Security</p> <ul> <li>Add <code>validate_entry_sizes</code> option so that callers can trust an entry's reported size when using <code>extract</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403">#403</a> <ul> <li>This option defaults to <code>false</code> for backward compatibility in this release, but you are strongly encouraged to set it to <code>true</code>. It will default to <code>true</code> in rubyzip 2.0.</li> </ul> </li> </ul> <p>New Feature</p> <ul> <li>Add <code>add_stored</code> method to simplify adding entries without compression <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366">#366</a></li> </ul> <p>Tooling / Documentation</p> <ul> <li>Add more gem metadata links <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402">#402</a></li> </ul> <h2>v1.2.4</h2> <ul> <li>Do not rewrite zip files opened with <code>open_buffer</code> that have not changed <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360">#360</a></li> </ul> <p>Tooling / Documentation</p> <ul> <li>Update <code>example_recursive.rb</code> in README <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397">#397</a></li> <li>Hold CI at <code>trusty</code> for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399">#399</a></li> </ul> <h2>v1.2.3</h2> <ul> <li>Allow tilde in zip entry names <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391">#391</a> (fixes regression in 1.2.2 from <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376">#376</a>)</li> <li>Support frozen string literals in more files <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390">#390</a></li> <li>Require <code>pathname</code> explicitly <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388">#388</a> (fixes regression in 1.2.2 from <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376">#376</a>)</li> </ul> <p>Tooling / Documentation:</p> <ul> <li>CI updates <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392">#392</a>, <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394">#394</a> <ul> <li>Bump supported ruby versions and add 2.6</li> <li>JRuby failures are no longer ignored (reverts <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375">#375</a> / part of <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371">#371</a>)</li> </ul> </li> <li>Add changelog entry that was missing for last release <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387">#387</a></li> <li>Comment cleanup <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385">#385</a></li> </ul> <p>Since the GitHub release information for 1.2.2 is missing, I will also include it here:</p> <h3>1.2.2</h3> <p>NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555">rubyzip/rubyzip#376</a> for details.</p> <ul> <li>Fix CVE-2018-1000544 <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376">#376</a> / <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371">#371</a></li> <li>Fix NoMethodError: undefined method glob' <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363">#363</a></li> <li>Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358">#358</a></li> <li>Fix <code>close</code> on StringIO-backed zip file <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353">#353</a></li> <li>Add <code>Zip.force_entry_names_encoding</code> option <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340">#340</a></li> <li>Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332">#332</a>, <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355">#355</a></li> <li>Save temporary files to temporary directory (rather than current directory) <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325">#325</a></li> </ul> <p>Tooling / Documentation:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rubyzip/rubyzip/blob/master/Changelog.md">rubyzip's changelog</a>.</em></p> <blockquote> <h1>1.3.0 (2019-09-25)</h1> <p>Security</p> <ul> <li>Add <code>validate_entry_sizes</code> option so that callers can trust an entry's reported size when using <code>extract</code> <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/403">#403</a> <ul> <li>This option defaults to <code>false</code> for backward compatibility in this release, but you are strongly encouraged to set it to <code>true</code>. It will default to <code>true</code> in rubyzip 2.0.</li> </ul> </li> </ul> <p>New Feature</p> <ul> <li>Add <code>add_stored</code> method to simplify adding entries without compression <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/366">#366</a></li> </ul> <p>Tooling / Documentation</p> <ul> <li>Add more gem metadata links <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/402">#402</a></li> </ul> <h1>1.2.4 (2019-09-06)</h1> <ul> <li>Do not rewrite zip files opened with <code>open_buffer</code> that have not changed <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/360">#360</a></li> </ul> <p>Tooling / Documentation</p> <ul> <li>Update <code>example_recursive.rb</code> in README <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/397">#397</a></li> <li>Hold CI at <code>trusty</code> for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/399">#399</a></li> </ul> <h1>1.2.3</h1> <ul> <li>Allow tilde in zip entry names <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/391">#391</a> (fixes regression in 1.2.2 from <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376">#376</a>)</li> <li>Support frozen string literals in more files <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/390">#390</a></li> <li>Require <code>pathname</code> explicitly <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/388">#388</a> (fixes regression in 1.2.2 from <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376">#376</a>)</li> </ul> <p>Tooling / Documentation:</p> <ul> <li>CI updates <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/392">#392</a>, <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/394">#394</a> <ul> <li>Bump supported ruby versions and add 2.6</li> <li>JRuby failures are no longer ignored (reverts <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/375">#375</a> / part of <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371">#371</a>)</li> </ul> </li> <li>Add changelog entry that was missing for last release <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/387">#387</a></li> <li>Comment cleanup <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/385">#385</a></li> </ul> <h1>1.2.2</h1> <p>NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376#issue-210954555">rubyzip/rubyzip#376</a> for details.</p> <ul> <li>Fix CVE-2018-1000544 <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/376">#376</a> / <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/371">#371</a></li> <li>Fix NoMethodError: undefined methodglob' <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/363">#363</a></li> <li>Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/358">#358</a></li> <li>Fix <code>close</code> on StringIO-backed zip file <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/353">#353</a></li> <li>Add <code>Zip.force_entry_names_encoding</code> option <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/340">#340</a></li> <li>Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/332">#332</a>, <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/355">#355</a></li> <li>Save temporary files to temporary directory (rather than current directory) <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/pull/325">#325</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rubyzip/rubyzip/commit/e79d9ea2922be12db121c20f5dc55bba8a35418a"><code>e79d9ea</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/407">#407</a> from rubyzip/v1-3-0</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/7c65e1e3595031392f1050b81fb2b95b0f2ee764"><code>7c65e1e</code></a> Bump version to 1.3.0</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/d65fe7bd283ec94f9d6dc7605f61a6b0dd00f55e"><code>d65fe7b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/403">#403</a> from rubyzip/check-size</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d"><code>97cb6ae</code></a> Warn when an entry size is invalid</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285"><code>7849f73</code></a> Default validate_entry_sizes to false for 1.3 release</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804"><code>4167f0c</code></a> Validate entry sizes when extracting</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/94b7fa276992933592d69eb6bb17fc09105f8395"><code>94b7fa2</code></a> [ci skip] Update changelog</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/93505ca16f0444bdb04f88f4b8f820ae5d628353"><code>93505ca</code></a> Check expected entry size in add_stored test</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/6619bf3a1d779f092481d37d84ea280e3c6f764f"><code>6619bf3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/rubyzip/rubyzip/issues/366">#366</a> from hainesr/add-stored</li> <li><a href="https://github.com/rubyzip/rubyzip/commit/ecb277621852589ecc1557f228665a5338ac0809"><code>ecb2776</code></a> Zip::File.add_stored() to add uncompressed files.</li> <li>Additional commits viewable in <a href="https://github.com/rubyzip/rubyzip/compare/v1.1.6...v1.3.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 2 months

PR opened TeachersPayTeachers/slackbot-workout

Bump requests from 2.7.0 to 2.20.0

Bumps requests from 2.7.0 to 2.20.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/psf/requests/blob/master/HISTORY.md">requests's changelog</a>.</em></p> <blockquote> <h2>2.20.0 (2018-10-18)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8).</li> <li>Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions.</li> <li>Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074)</li> <li><code>should_bypass_proxies</code> now handles URIs without hostnames (e.g. files).</li> </ul> <p><strong>Dependencies</strong></p> <ul> <li>Requests now supports urllib3 v1.24.</li> </ul> <p><strong>Deprecations</strong></p> <ul> <li>Requests has officially stopped support for Python 2.6.</li> </ul> <h2>2.19.1 (2018-06-14)</h2> <p><strong>Bugfixes</strong></p> <ul> <li>Fixed issue where status_codes.py's <code>init</code> function failed trying to append to a <code>doc</code> value of <code>None</code>.</li> </ul> <h2>2.19.0 (2018-06-12)</h2> <p><strong>Improvements</strong></p> <ul> <li>Warn user about possible slowdown when using cryptography version < 1.3.4</li> <li>Check for invalid host in proxy URL, before forwarding request to adapter.</li> <li>Fragments are now properly maintained across redirects. (RFC7231 7.1.2)</li> <li>Removed use of cgi module to expedite library load time.</li> <li>Added support for SHA-256 and SHA-512 digest auth algorithms.</li> <li>Minor performance improvement to <code>Request.content</code>.</li> <li>Migrate to using collections.abc for 3.7 compatibility.</li> </ul> <p><strong>Bugfixes</strong></p> <ul> <li>Parsing empty <code>Link</code> headers with <code>parse_header_links()</code> no longer return one bogus entry.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/psf/requests/commit/bd840450c0d1e9db3bf62382c15d96378cc3a056"><code>bd84045</code></a> v2.20.0</li> <li><a href="https://github.com/psf/requests/commit/7fd9267b3bab1d45f5e4ac0953629c5531ecbc55"><code>7fd9267</code></a> remove final remnants from 2.6</li> <li><a href="https://github.com/psf/requests/commit/6ae8a2189235b62d7c5b2a6b95528750f046097c"><code>6ae8a21</code></a> Add myself to AUTHORS</li> <li><a href="https://github.com/psf/requests/commit/89ab030cdb83a728a30e172bc65d27ba214d2eda"><code>89ab030</code></a> Use comprehensions whenever possible</li> <li><a href="https://github.com/psf/requests/commit/2c6a8426aebd853966747f2c851f551c583cb21a"><code>2c6a842</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/psf/requests/issues/4827">#4827</a> from webmaven/patch-1</li> <li><a href="https://github.com/psf/requests/commit/30be889651e7034eaa56edaf5794d68ffbfde9ed"><code>30be889</code></a> CVE URLs update: www sub-subdomain no longer valid</li> <li><a href="https://github.com/psf/requests/commit/a6cd380c640087218695bc7c62311a4843777e43"><code>a6cd380</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/psf/requests/issues/4765">#4765</a> from requests/encapsulate_urllib3_exc</li> <li><a href="https://github.com/psf/requests/commit/bbdbcc8f0553f112ff68b0950b4128bd8af000fc"><code>bbdbcc8</code></a> wrap url parsing exceptions from urllib3's PoolManager</li> <li><a href="https://github.com/psf/requests/commit/ff0c325014f817095de35013d385e137b111d6e8"><code>ff0c325</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/psf/requests/issues/4805">#4805</a> from jdufresne/https</li> <li><a href="https://github.com/psf/requests/commit/b0ad2499c8641d29affc90f565e6628d333d2a96"><code>b0ad249</code></a> Prefer https:// for URLs throughout project</li> <li>Additional commits viewable in <a href="https://github.com/psf/requests/compare/v2.7.0...v2.20.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 2 months

PublicEvent