From 1a1212367ce98051c469f800e0a425f1110578ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 10 Oct 2021 00:10:26 +0000 Subject: [PATCH 01/10] Bump bootstrap from 3.3.5 to 3.4.1 in /dot-net-cs/OAuth2Demo Bumps bootstrap from 3.3.5 to 3.4.1. --- updated-dependencies: - dependency-name: bootstrap dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- dot-net-cs/OAuth2Demo/packages.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dot-net-cs/OAuth2Demo/packages.config b/dot-net-cs/OAuth2Demo/packages.config index b2a25fb..7683f25 100644 --- a/dot-net-cs/OAuth2Demo/packages.config +++ b/dot-net-cs/OAuth2Demo/packages.config @@ -1,6 +1,6 @@  - + From 7d6a63d194ebaef2ddf1ae5ee9ae6457c0ebab35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jan 2022 14:55:53 +0000 Subject: [PATCH 02/10] Bump bootstrap in /dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp Bumps bootstrap from 3.3.5 to 3.4.1. --- updated-dependencies: - dependency-name: bootstrap dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../OAuth2Demo/obj/Release/Package/PackageTmp/packages.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config b/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config index b2a25fb..7683f25 100644 --- a/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config +++ b/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config @@ -1,6 +1,6 @@  - + From 2847a6edab21927e1dfa06d9d01c56758efb34aa Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jan 2022 14:55:55 +0000 Subject: [PATCH 03/10] Bump RestSharp in /dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp Bumps [RestSharp](https://github.com/restsharp/RestSharp) from 105.0.1 to 106.12.0. - [Release notes](https://github.com/restsharp/RestSharp/releases) - [Changelog](https://github.com/restsharp/RestSharp/blob/dev/releasenotes.md) - [Commits](https://github.com/restsharp/RestSharp/compare/105.0.1...106.12) --- updated-dependencies: - dependency-name: RestSharp dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .../OAuth2Demo/obj/Release/Package/PackageTmp/packages.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config b/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config index b2a25fb..c1275f6 100644 --- a/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config +++ b/dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config @@ -6,5 +6,5 @@ - + \ No newline at end of file From 9e4384c719a31781115588ae9181f5935375cf25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jan 2022 14:55:59 +0000 Subject: [PATCH 04/10] Bump django from 1.8.5 to 2.2.25 in /python-django Bumps [django](https://github.com/django/django) from 1.8.5 to 2.2.25. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/1.8.5...2.2.25) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- python-django/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-django/requirements.txt b/python-django/requirements.txt index 3f3ab24..1ccf77b 100644 --- a/python-django/requirements.txt +++ b/python-django/requirements.txt 
@@ -1,4 +1,4 @@ -Django==1.8.5 +Django==2.2.25 argparse==1.2.1 requests==2.8.1 wsgiref==0.1.2 From 71dc3fa6b6880bd76d95645a4f84073bcfdf59e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jan 2022 14:57:00 +0000 Subject: [PATCH 05/10] Bump RestSharp from 105.0.1 to 106.12.0 in /dot-net-cs/OAuth2Demo Bumps [RestSharp](https://github.com/restsharp/RestSharp) from 105.0.1 to 106.12.0. - [Release notes](https://github.com/restsharp/RestSharp/releases) - [Changelog](https://github.com/restsharp/RestSharp/blob/dev/releasenotes.md) - [Commits](https://github.com/restsharp/RestSharp/compare/105.0.1...106.12) --- updated-dependencies: - dependency-name: RestSharp dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- dot-net-cs/OAuth2Demo/packages.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dot-net-cs/OAuth2Demo/packages.config b/dot-net-cs/OAuth2Demo/packages.config index 7683f25..6a681e6 100644 --- a/dot-net-cs/OAuth2Demo/packages.config +++ b/dot-net-cs/OAuth2Demo/packages.config @@ -6,5 +6,5 @@ - + \ No newline at end of file From 4e394581192c9e419b6e6648dc55c0a029d85a68 Mon Sep 17 00:00:00 2001 From: violethaze74 <65783327+violethaze74@users.noreply.github.com> Date: Wed, 12 Jan 2022 17:41:11 -0500 Subject: [PATCH 06/10] SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..034e848 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From e06c1acdb2a22428fae5f5a9796803a9f6daa345 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Apr 2022 23:36:20 +0000 Subject: [PATCH 07/10] Bump django from 2.2.25 to 2.2.28 in /python-django Bumps [django](https://github.com/django/django) from 2.2.25 to 2.2.28. - [Release notes](https://github.com/django/django/releases) - [Commits](https://github.com/django/django/compare/2.2.25...2.2.28) --- updated-dependencies: - dependency-name: django dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- python-django/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-django/requirements.txt b/python-django/requirements.txt index 1ccf77b..c903f63 100644 --- a/python-django/requirements.txt +++ b/python-django/requirements.txt @@ -1,4 +1,4 @@ -Django==2.2.25 +Django==2.2.28 argparse==1.2.1 requests==2.8.1 wsgiref==0.1.2 From 9942162a3ab32dd3a0c4897d5e4a126bdec88d9b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 May 2022 19:55:48 +0000 Subject: [PATCH 08/10] Bump requests from 2.8.1 to 2.20.0 in /python-django Bumps [requests](https://github.com/psf/requests) from 2.8.1 to 2.20.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.8.1...v2.20.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- python-django/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-django/requirements.txt b/python-django/requirements.txt index c903f63..cc47b2c 100644 --- a/python-django/requirements.txt +++ b/python-django/requirements.txt @@ -1,5 +1,5 @@ Django==2.2.28 argparse==1.2.1 -requests==2.8.1 +requests==2.20.0 wsgiref==0.1.2 django-sslserver From 5a1ecf1a44bfe9e31351860457ad4e75571e5527 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 28 Aug 2022 18:54:52 +0000 Subject: [PATCH 09/10] fix: upgrade javax.servlet.jsp:jsp-api from 2.0 to 2.2 Snyk has created this PR to upgrade javax.servlet.jsp:jsp-api from 2.0 to 2.2. See this package in Maven Repository: https://mvnrepository.com/artifact/javax.servlet.jsp/jsp-api/ See this project in Snyk: https://app.snyk.io/org/violethaze74/project/ee0c5c40-d57f-4aaf-b31d-27f8776dffac?utm_source=github&utm_medium=referral&page=upgrade-pr --- java-servlet/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java-servlet/pom.xml b/java-servlet/pom.xml index 185519a..0e9acbb 100644 --- a/java-servlet/pom.xml +++ b/java-servlet/pom.xml @@ -13,7 +13,7 @@ 1.2.17 4.3.6 2.3.1 - 2.0 + 2.2 1.2 1.0 From 466292fd2126b87ce55fa5192dacc8bef9c31245 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Sun, 28 Aug 2022 18:54:54 +0000 Subject: [PATCH 10/10] fix: upgrade com.sequencing:oauth2-core from 1.0 to 1.9 Snyk has created this PR to upgrade com.sequencing:oauth2-core from 1.0 to 1.9. See this package in Maven Repository: https://mvnrepository.com/artifact/com.sequencing/oauth2-core/ See this project in Snyk: https://app.snyk.io/org/violethaze74/project/ee0c5c40-d57f-4aaf-b31d-27f8776dffac?utm_source=github&utm_medium=referral&page=upgrade-pr --- java-servlet/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java-servlet/pom.xml b/java-servlet/pom.xml index 185519a..8b18f5c 100644 --- a/java-servlet/pom.xml +++ b/java-servlet/pom.xml @@ -48,7 +48,7 @@ com.sequencing oauth2-core - 1.0 + 1.9
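Review bot: in PATCH 01/10 the diffstat lists only dot-net-cs/OAuth2Demo/packages.config, so the `@@ -1,6 +1,6 @@` hunk changes the recorded Bootstrap version but not the files the demo serves. With packages.config, NuGet copies a content package's CSS, JavaScript and font files into the project when the package is installed. Run the package update inside the project so that those copied files move to 3.4.1 in the same commit.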
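Review bot: PATCH 02/10 edits dot-net-cs/OAuth2Demo/obj/Release/Package/PackageTmp/packages.config, which sits in the MSBuild obj output tree, so this is a generated copy of the file that PATCH 01/10 already updates. Changing it by hand does not alter what a fresh build packages. Suggest dropping this patch, removing the obj directory from version control and ignoring it, so that dependency scanners stop raising alerts against build output.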
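Review bot: PATCH 03/10 carries `index b2a25fb..c1275f6`, the same pre-image blob as PATCH 02/10 (`index b2a25fb..7683f25`), so it was generated against a tree that does not contain the Bootstrap bump to the same file. PATCH 05/10, by contrast, is stacked on 7683f25. Confirm the series applies cleanly in order and that the resulting file contains both version changes, or drop this patch along with PATCH 02/10, since the path is build output.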
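Review bot: in PATCH 04/10 the `@@ -1,4 +1,4 @@` hunk moves Django from 1.8.5 to 2.2.25 while its unchanged context keeps `argparse==1.2.1` and `wsgiref==0.1.2`, pins typical of a Python 2 environment. Django 2.0 and later run only on Python 3, so this requirements file is unlikely to install and run as it stands. Suggest removing the two backport pins and confirming the target interpreter in the same change, then running the demo's OAuth flow against 2.2, because the diff changes only the pin and no application code.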
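Review bot: PATCH 05/10 takes RestSharp across a major version (105.0.1 to 106.12.0) with one file changed, so nothing in the diff shows the project's assembly reference or any calling code being adjusted. Check that the project file's reference to the RestSharp assembly points at the new package folder, rebuild, and exercise the token request path of the OAuth2 demo before merging. The hunk also ends with `\ No newline at end of file`; adding the trailing newline keeps later diffs to this file smaller.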
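Review bot: PATCH 06/10 adds SECURITY.md with the template text still in place: both sections open with "Use this section to tell people ...", and the version table (5.1.x, 5.0.x, 4.0.x, < 4.0) is not tied to anything else in this series. As committed, a reporter gets no contact address, no disclosure process and no response expectations. Replace the placeholders with the real supported versions and a private reporting channel, or hold the file back until they exist.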
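Review bot: PATCH 07/10 pins `Django==2.2.28`, and the 2.2 series reached the end of its extended support in April 2022, the month this patch is dated. The pin therefore takes the fixes in 2.2.28 but will receive no later security releases. Suggest merging this and opening a follow-up to move python-django to a supported Django series.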
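Review bot: in PATCH 08/10 the context line `django-sslserver` at the end of the `@@ -1,5 +1,5 @@` hunk has no version pin, while every other entry in python-django/requirements.txt uses `==`. An unpinned entry resolves to whatever is newest at install time, so builds are not reproducible and automated version bumps have no baseline to compare against. Pin it to the version the demo was tested with in the same change as the `requests==2.20.0` update.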
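Review bot: PATCH 09/10 is titled "fix:" but its message names no advisory or issue, only the Maven Repository page and the Snyk project link, so the reason for going from 2.0 to 2.2 cannot be reviewed from the patch. The changed line in the `@@ -13,7 +13,7 @@` hunk appears to sit in a block of shared version values, so every dependency that reads it moves as well. State the motivating issue in the commit message and confirm that the servlet container the demo targets supports JSP 2.2.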
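Review bot: PATCH 10/10 moves com.sequencing:oauth2-core from 1.0 to 1.9 in the `@@ -48,7 +48,7 @@` hunk, and this is the library that implements the OAuth2 flow the sample demonstrates, yet the message links no release notes or changelog. Re-test the authorization redirect, state parameter check and token exchange of java-servlet before merging. Also note `index 185519a..8b18f5c`: the pre-image is the same blob as PATCH 09/10, so confirm the two pom.xml patches apply in sequence and that the final file carries both upgrades.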