cofacts

<https://github.com/cofacts/rumors-api/pull/275|#275 List api enhancements>

<https://github.com/cofacts/rumors-api/pull/275|#275 List api enhancements>

Review on #275 List api enhancements

Review on #275 List api enhancements

Review on #275 List api enhancements

Review on #275 List api enhancements

<https://github.com/cofacts/rumors-api/pull/275|#275 List api enhancements>

<https://github.com/cofacts/rumors-api/pull/275|#275 List api enhancements>

<https://github.com/cofacts/rumors-api/pull/276|#276 Install pino logger and add query logging plug-in>

• Add an additional env var `LOG_REQUESTS` that will output request info for each incoming request • When `LOG_REQUESTS` exists, it also shows incoming GraphQL request, variables, and resolved user info • No change if `LOG_REQUESTS` do not exist in env var

<https://github.com/cofacts/rumors-api/pull/276|#276 Install pino logger and add query logging plug-in>

This PR introduces optional request logging (toggled by env var) to make debugging GraphQL requests easier. • Add an additional env var `LOG_REQUESTS` that will output request info for each incoming request • Turning this flag on will introduce lots of logs, needs to be aware of disk size when it is turned on • When `LOG_REQUESTS` exists, it also shows incoming GraphQL request, variables, and resolved user info • No change if `LOG_REQUESTS` do not exist in env var

:white_check_mark: All checks have passed

<https://github.com/cofacts/rumors-api/pull/276#issuecomment-1086926539|Comment on #276 Install pino logger and add query logging plug-in>

<https://coveralls.io/builds/47949955|Coverage Status> Coverage decreased (-0.2%) to 87.012% when pulling *<https://github.com/cofacts/rumors-api/commit/1485102feacea321a8d1a10576af4d2a8dd5ab68|1485102> on log-requests* into *<https://github.com/cofacts/rumors-api/commit/a709020aa38b1e8987308968e4c8b558525dcd51|a709020> on master*.

<https://github.com/cofacts/rumors-api/pull/276#issuecomment-1086926539|Comment on #276 Install pino logger and add query logging plug-in>

<https://coveralls.io/builds/47949955|Coverage Status> Coverage decreased (-0.2%) to 87.012% when pulling *<https://github.com/cofacts/rumors-api/commit/1485102feacea321a8d1a10576af4d2a8dd5ab68|1485102> on log-requests* into *<https://github.com/cofacts/rumors-api/commit/a709020aa38b1e8987308968e4c8b558525dcd51|a709020> on master*.

Review on #276 Install pino logger and add query logging plug-in

Review on #276 Install pino logger and add query logging plug-in

Review on #276 Install pino logger and add query logging plug-in

Review on #276 Install pino logger and add query logging plug-in

Review on #276 Install pino logger and add query logging plug-in

Review on #276 Install pino logger and add query logging plug-in

<https://github.com/cofacts/rumors-line-bot/pull/301|#301 Fix "not identical" unit test by making test input and mock data more distinct>

Unit test on master branch is broken when we <https://github.com/cofacts/rumors-line-bot/pull/298|drop the similarity threshold to 0.8>. The broken test case is "groupMessage should handle input is not identical to article". The root cause is that the similarity between test input `我知道黑啤愛吃蠶寶寶哦！` and mockup `我不會說我知道黑啤愛吃蠶寶寶哦！` is higher than the new threshold 0.8. The test case is meant to be testing the behavior when test input is lower than the threshold. Therefore, this PR makes the test input more dissimilar with the mockup data, so that we can test the desired branch and thus fix the test. ``` const ss = require('string-similarity') ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦！', '我知道黑啤愛吃蠶寶寶哦！') // 0.8461538461538461 ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦！', '我知道黑啤愛吃兔寶寶哦！') // 0.6923076923076923 ```

:white_check_mark: All checks have passed

<https://github.com/cofacts/rumors-line-bot/pull/301|#301 Fix "not identical" unit test by making test input and mock data more distinct>

Unit test on master branch is broken when we <https://github.com/cofacts/rumors-line-bot/pull/298|drop the similarity threshold to 0.8>. The broken test case is "groupMessage should handle input is not identical to article". The root cause is that the similarity between test input `我知道黑啤愛吃蠶寶寶哦！` and mockup `我不會說我知道黑啤愛吃蠶寶寶哦！` is higher than the new threshold 0.8. The test case is meant to be testing the behavior when test input is lower than the threshold. Therefore, this PR makes the test input more dissimilar with the mockup data, so that we can test the desired branch and thus fix the test. ``` const ss = require('string-similarity') ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦！', '我知道黑啤愛吃蠶寶寶哦！') // 0.8461538461538461 ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦！', '我知道黑啤愛吃蛾哦！') // 0.5833333333333334 ```

<https://github.com/cofacts/rumors-line-bot/pull/300|#300 Reply request form for LIFF>

<https://github.com/cofacts/rumors-line-bot/pull/300|#300 Reply request form for LIFF>

Review on #300 Reply request form for LIFF

Review on #300 Reply request form for LIFF

<https://github.com/cofacts/rumors-line-bot/pull/301|#301 Fix "not identical" unit test by making test input and mock data more distinct>

<https://github.com/cofacts/rumors-line-bot/pull/301|#301 Fix "not identical" unit test by making test input and mock data more distinct>

<https://github.com/cofacts/takedowns/pull/58|#58 Create 0406-ads.md>

<https://github.com/cofacts/takedowns/pull/58|#58 Create 0406-ads.md>

Review on #58 Create 0406-ads.md

Review on #58 Create 0406-ads.md

Review on #58 Create 0406-ads.md

Review on #58 Create 0406-ads.md

HackMD

Cofacts 會議記錄 - HackMD

# Cofacts 會議記錄 ## 2022 - [20220406 會議記錄](/gyIJXbTqRnySbfeaPJcJew) - [20220330 會議記錄](/OdOwYeKjQsSy

<https://github.com/cofacts/takedowns/pull/58|#58 Create 0406-ads.md>

<https://github.com/cofacts/takedowns/pull/58|#58 Create 0406-ads.md>

<https://github.com/cofacts/rumors-fb-bot/pull/34|#34 Bump moment from 2.22.2 to 2.29.2>

Bumps <https://github.com/moment/moment|moment> from 2.22.2 to 2.29.2. Changelog _Sourced from <https://github.com/moment/moment/blob/develop/CHANGELOG.md|moment's changelog>._ &gt; *2.29.2 <https://gist.github.com/ichernev/1904b564f6679d9aac1ae08ce13bc45c|See full changelog>* &gt; &gt; • Release Apr 3 2022 &gt; &gt; Address <https://github.com/advisories/GHSA-8hfj-j24r-96c4|GHSA-8hfj-j24r-96c4> &gt; &gt; *2.29.1 <https://gist.github.com/marwahaha/cc478ba01a1292ab4bd4e861d164d99b|See full changelog>* &gt; &gt; • Release Oct 6, 2020 &gt; &gt; Updated deprecation message, bugfix in hi locale &gt; &gt; *2.29.0 <https://gist.github.com/marwahaha/b0111718641a6461800066549957ec14|See full changelog>* &gt; &gt; • Release Sept 22, 2020 &gt; &gt; New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: <https://momentjs.com/docs/#/-project-status/|https://momentjs.com/docs/#/-project-status/> &gt; &gt; *2.28.0 <https://gist.github.com/marwahaha/028fd6c2b2470b2804857cfd63c0e94f|See full changelog>* &gt; &gt; • Release Sept 13, 2020 &gt; &gt; Fix bug where .format() modifies original instance, and locale updates &gt; &gt; *2.27.0 <https://gist.github.com/marwahaha/5100c9c2f42019067b1f6cefc333daa7|See full changelog>* &gt; &gt; • Release June 18, 2020 &gt; &gt; Added Turkmen locale, other locale improvements, slight TypeScript fixes &gt; &gt; *2.26.0 <https://gist.github.com/marwahaha/0725c40740560854a849b096ea7b7590|See full changelog>* &gt; &gt; • Release May 19, 2020 &gt; &gt; TypeScript fixes and many locale improvements &gt; &gt; *2.25.3* &gt; &gt; • Release May 4, 2020 &gt; &gt; Remove package.json module property. It looks like webpack behaves differently for modules loaded via module vs jsnext:main. &gt; &gt; *2.25.2* &gt; &gt; • Release May 4, 2020 ... (truncated) Commits • <https://github.com/moment/moment/commit/75e2ac573e8cd62086a6bc6dc1b8d271e2804391|`75e2ac5`> Build 2.29.2 • <https://github.com/moment/moment/commit/5a2987758edc7d413d1248737d9d0d1b65a70450|`5a29877`> Bump version to 2.29.2 • <https://github.com/moment/moment/commit/4fd847b7a8c7065d88ba0a64b727660190dd45d7|`4fd847b`> Update changelog for 2.29.2 • <https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5|`4211bfc`> [bugfix] Avoid loading path-looking locales from fs • <https://github.com/moment/moment/commit/f2a813afcfd0dd6e63812ea74c46ecc627f6a6a6|`f2a813a`> [misc] Fix indentation (according to prettier) • <https://github.com/moment/moment/commit/7a10de889de64c2519f894a84a98030bec5022d9|`7a10de8`> [test] Avoid hours around DST • <https://github.com/moment/moment/commit/e96809208c9d1b1bbe22d605e76985770024de42|`e968092`> [locale] ar-ly: fix locale name (<https://github-redirect.dependabot.com/moment/moment/issues/5828|#5828>) • <https://github.com/moment/moment/commit/53d7ee6ad8c60c891571c7085db91831bbc095b4|`53d7ee6`> [misc] fix builds (<https://github-redirect.dependabot.com/moment/moment/issues/5836|#5836>) • <https://github.com/moment/moment/commit/52019f1dda47c3e598aaeaa4ac89d5a574641604|`52019f1`> [misc] Specify length of toArray return type (<https://github-redirect.dependabot.com/moment/moment/issues/5766|#5766>) • <https://github.com/moment/moment/commit/0dcaaa689d02dde824029b09ab6aa64ff351ee2e|`0dcaaa6`> [locale] tr: update translation of Monday and Saturday (<https://github-redirect.dependabot.com/moment/moment/issues/5756|#5756>) • Additional commits viewable in <https://github.com/moment/moment/compare/2.22.2...2.29.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/cofacts/rumors-fb-bot/network/alerts|Security Alerts page>.

<https://github.com/cofacts/rumors-fb-bot/pull/34|#34 Bump moment from 2.22.2 to 2.29.2>

Bumps <https://github.com/moment/moment|moment> from 2.22.2 to 2.29.2. Changelog _Sourced from <https://github.com/moment/moment/blob/develop/CHANGELOG.md|moment's changelog>._ &gt; *2.29.2 <https://gist.github.com/ichernev/1904b564f6679d9aac1ae08ce13bc45c|See full changelog>* &gt; &gt; • Release Apr 3 2022 &gt; &gt; Address <https://github.com/advisories/GHSA-8hfj-j24r-96c4|GHSA-8hfj-j24r-96c4> &gt; &gt; *2.29.1 <https://gist.github.com/marwahaha/cc478ba01a1292ab4bd4e861d164d99b|See full changelog>* &gt; &gt; • Release Oct 6, 2020 &gt; &gt; Updated deprecation message, bugfix in hi locale &gt; &gt; *2.29.0 <https://gist.github.com/marwahaha/b0111718641a6461800066549957ec14|See full changelog>* &gt; &gt; • Release Sept 22, 2020 &gt; &gt; New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: <https://momentjs.com/docs/#/-project-status/|https://momentjs.com/docs/#/-project-status/> &gt; &gt; *2.28.0 <https://gist.github.com/marwahaha/028fd6c2b2470b2804857cfd63c0e94f|See full changelog>* &gt; &gt; • Release Sept 13, 2020 &gt; &gt; Fix bug where .format() modifies original instance, and locale updates &gt; &gt; *2.27.0 <https://gist.github.com/marwahaha/5100c9c2f42019067b1f6cefc333daa7|See full changelog>* &gt; &gt; • Release June 18, 2020 &gt; &gt; Added Turkmen locale, other locale improvements, slight TypeScript fixes &gt; &gt; *2.26.0 <https://gist.github.com/marwahaha/0725c40740560854a849b096ea7b7590|See full changelog>* &gt; &gt; • Release May 19, 2020 &gt; &gt; TypeScript fixes and many locale improvements &gt; &gt; *2.25.3* &gt; &gt; • Release May 4, 2020 &gt; &gt; Remove package.json module property. It looks like webpack behaves differently for modules loaded via module vs jsnext:main. &gt; &gt; *2.25.2* &gt; &gt; • Release May 4, 2020 ... (truncated) Commits • <https://github.com/moment/moment/commit/75e2ac573e8cd62086a6bc6dc1b8d271e2804391|`75e2ac5`> Build 2.29.2 • <https://github.com/moment/moment/commit/5a2987758edc7d413d1248737d9d0d1b65a70450|`5a29877`> Bump version to 2.29.2 • <https://github.com/moment/moment/commit/4fd847b7a8c7065d88ba0a64b727660190dd45d7|`4fd847b`> Update changelog for 2.29.2 • <https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5|`4211bfc`> [bugfix] Avoid loading path-looking locales from fs • <https://github.com/moment/moment/commit/f2a813afcfd0dd6e63812ea74c46ecc627f6a6a6|`f2a813a`> [misc] Fix indentation (according to prettier) • <https://github.com/moment/moment/commit/7a10de889de64c2519f894a84a98030bec5022d9|`7a10de8`> [test] Avoid hours around DST • <https://github.com/moment/moment/commit/e96809208c9d1b1bbe22d605e76985770024de42|`e968092`> [locale] ar-ly: fix locale name (<https://github-redirect.dependabot.com/moment/moment/issues/5828|#5828>) • <https://github.com/moment/moment/commit/53d7ee6ad8c60c891571c7085db91831bbc095b4|`53d7ee6`> [misc] fix builds (<https://github-redirect.dependabot.com/moment/moment/issues/5836|#5836>) • <https://github.com/moment/moment/commit/52019f1dda47c3e598aaeaa4ac89d5a574641604|`52019f1`> [misc] Specify length of toArray return type (<https://github-redirect.dependabot.com/moment/moment/issues/5766|#5766>) • <https://github.com/moment/moment/commit/0dcaaa689d02dde824029b09ab6aa64ff351ee2e|`0dcaaa6`> [locale] tr: update translation of Monday and Saturday (<https://github-redirect.dependabot.com/moment/moment/issues/5756|#5756>) • Additional commits viewable in <https://github.com/moment/moment/compare/2.22.2...2.29.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/cofacts/rumors-fb-bot/network/alerts|Security Alerts page>.

<https://github.com/cofacts/rumors-api/pull/276|#276 Install pino logger and add query logging plug-in>

<https://github.com/cofacts/rumors-api/pull/276|#276 Install pino logger and add query logging plug-in>

<https://github.com/cofacts/rumors-line-bot/pull/300|#300 Reply request form for LIFF>

<https://github.com/cofacts/rumors-line-bot/pull/300|#300 Reply request form for LIFF>

<https://github.com/cofacts/rumors-site/issues/481|#481 Category label is not updated after adding one category>

After adding a category, currently there is no any visual feedback that tells the user that the category is added. Current workaround: refresh the whole page Expected: UI should show that the category is added immediately (or shortly after API response)

<https://github.com/cofacts/rumors-site/issues/481|#481 Category label is not updated after adding one category>

After adding a category, currently there is no any visual feedback that tells the user that the category is added. <https://user-images.githubusercontent.com/108608/162559676-022d4169-ba14-4525-a804-47b988fd6df0.gif|no-response> Current workaround: refresh the whole page Expected: UI should show that the category is added immediately (or shortly after API response)

<https://github.com/cofacts/rumors-line-bot/pull/302|#302 Revamp no reply flow>

<https://github.com/cofacts/rumors-line-bot/pull/302|#302 Revamp no reply flow>

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846597368|Comment on #302 Revamp no reply flow>

I do have a question here. It seems that for most event handlers, we no longer return a `state` anymore. We choose to detect what "state" the user should go to in `handleInput` instead. If this is the case, should we still mutate `state` here?

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846597368|Comment on #302 Revamp no reply flow>

I do have a question here. It seems that for most event handlers, we no longer return a `state` anymore. We choose to detect what "state" the user should go to in `handleInput` instead. If this is the case, should we still mutate `state` here?

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846603268|Comment on #302 Revamp no reply flow>

No. I return `state: CHOOSING_REPLY` at line 127 is because `isSkipUser: true`, which makes `handleInput` continue `choosingReply`. Maybe we can consider calling `choosingReply` directly or use a callback function at line 127 and remove `isSkipUser` do-while loop in `handleInput`. Note: there's another `isSkipUser: true` in `initState`.

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846603268|Comment on #302 Revamp no reply flow>

No. I return `state: CHOOSING_REPLY` at line 127 is because `isSkipUser: true`, which makes `handleInput` continue `choosingReply`. Maybe we can consider calling `choosingReply` directly or use a callback function at line 127 and remove `isSkipUser` do-while loop in `handleInput`. Note: there's another `isSkipUser: true` in `initState`.

Review on #302 Revamp no reply flow

Review on #302 Revamp no reply flow

YouTube

資訊戰異軍突起｜烏克蘭絕地反攻｜#沈伯洋 #矢板明夫 #汪浩｜@華視三國演議｜20220410

Review on #302 Revamp no reply flow

Review on #302 Revamp no reply flow

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r847899926|Comment on #302 Revamp no reply flow>

Thanks! I will remove change regarding `state` returned here. I can try calling `choosingReply` in this handler to reduce the usage of `isSkipUser`. If there is any issue I can still keep using `isSkipUser`.

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r847899926|Comment on #302 Revamp no reply flow>

Thanks! I will remove change regarding `state` returned here. This should remove the code change on test fixtures and thus makes code changes cleaner. I can also try calling `choosingReply` in this handler to reduce the usage of `isSkipUser`, so expect some new snapshot changes regarding this. If there is any issue (like more unexpected changes required), I can still keep using `isSkipUser`.

<https://github.com/cofacts/rumors-line-bot/pull/302|#302 Revamp no reply flow>

<https://github.com/cofacts/rumors-line-bot/pull/302|#302 Revamp no reply flow>

Review on #302 Revamp no reply flow

LGTM!

Review on #302 Revamp no reply flow

LGTM!

<https://github.com/cofacts/rumors-line-bot/pull/302|#302 Revamp no reply flow>

<https://github.com/cofacts/rumors-line-bot/pull/302|#302 Revamp no reply flow>

<https://github.com/cofacts/rumors-fb-bot/pull/35|#35 Bump urijs from 1.19.1 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.1 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) &gt; &gt; *1.19.6 (February 13th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to rewrite `\` in scheme delimiter to `/` as Node and Browsers do - disclosed privately by <https://twitter.com/ynizry|Yaniv Nizry> from the CxSCA AppSec team at Checkmarx &gt; &gt; *1.19.5 (December 30th 2020)* &gt; &gt; • dropping jquery.URI.js from minified bundle accidentally added since v1.19.3 - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/404|#404>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/404|medialize/URI.js#404>) &gt; &gt; *1.19.4 (December 23rd 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - followed up to by <https://github.com/alesandroortiz|alesandroortiz> in [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/403|#403>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/403|medialize/URI.js#403>), relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.3 (December 20th 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - disclosed privately by <https://github.com/alesandroortiz|alesandroortiz>, relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.2 (October 20th 2019)* &gt; &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-build|`URI.build()`> to properly handle relative paths when a scheme is given - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/387|#387>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/387|medialize/URI.js#387>) &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-buildQuery|`URI.buildQuery()`> to properly handle empty param name - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/243|#243>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/243|medialize/URI.js#243>), [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/383|#383>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/383|medialize/URI.js#383>) &gt; • support Composer [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/386|#386>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/386|medialize/URI.js#386>) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.1...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you re…

<https://github.com/cofacts/rumors-fb-bot/pull/35|#35 Bump urijs from 1.19.1 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.1 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) &gt; &gt; *1.19.6 (February 13th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to rewrite `\` in scheme delimiter to `/` as Node and Browsers do - disclosed privately by <https://twitter.com/ynizry|Yaniv Nizry> from the CxSCA AppSec team at Checkmarx &gt; &gt; *1.19.5 (December 30th 2020)* &gt; &gt; • dropping jquery.URI.js from minified bundle accidentally added since v1.19.3 - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/404|#404>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/404|medialize/URI.js#404>) &gt; &gt; *1.19.4 (December 23rd 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - followed up to by <https://github.com/alesandroortiz|alesandroortiz> in [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/403|#403>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/403|medialize/URI.js#403>), relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.3 (December 20th 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - disclosed privately by <https://github.com/alesandroortiz|alesandroortiz>, relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.2 (October 20th 2019)* &gt; &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-build|`URI.build()`> to properly handle relative paths when a scheme is given - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/387|#387>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/387|medialize/URI.js#387>) &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-buildQuery|`URI.buildQuery()`> to properly handle empty param name - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/243|#243>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/243|medialize/URI.js#243>), [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/383|#383>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/383|medialize/URI.js#383>) &gt; • support Composer [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/386|#386>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/386|medialize/URI.js#386>) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.1...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you re…

<https://github.com/cofacts/rumors-fb-bot/pull/33#issuecomment-1097306261|Comment on #33 Bump urijs from 1.19.1 to 1.19.10>

Superseded by <https://github.com/cofacts/rumors-fb-bot/pull/35|#35>.

<https://github.com/cofacts/rumors-fb-bot/pull/33#issuecomment-1097306261|Comment on #33 Bump urijs from 1.19.1 to 1.19.10>

Superseded by <https://github.com/cofacts/rumors-fb-bot/pull/35|#35>.

<https://github.com/cofacts/rumors-fb-bot/pull/33|#33 Bump urijs from 1.19.1 to 1.19.10>

<https://github.com/cofacts/rumors-fb-bot/pull/33|#33 Bump urijs from 1.19.1 to 1.19.10>

<https://github.com/cofacts/rumors-site/pull/482|#482 Bump urijs from 1.19.6 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.6 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.6...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current review…

:white_check_mark: All checks have passed

<https://github.com/cofacts/rumors-site/pull/482|#482 Bump urijs from 1.19.6 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.6 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.6...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current review…

<https://github.com/cofacts/rumors-site/pull/480#issuecomment-1097358354|Comment on #480 Bump urijs from 1.19.6 to 1.19.10>

Superseded by <https://github.com/cofacts/rumors-site/pull/482|#482>.

<https://github.com/cofacts/rumors-site/pull/480#issuecomment-1097358354|Comment on #480 Bump urijs from 1.19.6 to 1.19.10>

Superseded by <https://github.com/cofacts/rumors-site/pull/482|#482>.

<https://github.com/cofacts/rumors-site/pull/480|#480 Bump urijs from 1.19.6 to 1.19.10>

<https://github.com/cofacts/rumors-site/pull/480|#480 Bump urijs from 1.19.6 to 1.19.10>

<https://github.com/cofacts/rumors-site/pull/482#issuecomment-1097361278|Comment on #482 Bump urijs from 1.19.6 to 1.19.11>

<https://coveralls.io/builds/48231192|Coverage Status> Coverage remained the same at 73.942% when pulling *<https://github.com/cofacts/rumors-site/commit/5d63be008c5fe4264c3291f8253857beb17c57c7|5d63be0> on dependabot/npm_and_yarn/urijs-1.19.11* into *<https://github.com/cofacts/rumors-site/commit/61c7e77da047d69bc2173c456ca0ca4a69be5d78|61c7e77> on master*.

<https://github.com/cofacts/rumors-site/pull/482#issuecomment-1097361278|Comment on #482 Bump urijs from 1.19.6 to 1.19.11>

<https://coveralls.io/builds/48231192|Coverage Status> Coverage remained the same at 73.942% when pulling *<https://github.com/cofacts/rumors-site/commit/5d63be008c5fe4264c3291f8253857beb17c57c7|5d63be0> on dependabot/npm_and_yarn/urijs-1.19.11* into *<https://github.com/cofacts/rumors-site/commit/61c7e77da047d69bc2173c456ca0ca4a69be5d78|61c7e77> on master*.

<https://github.com/cofacts/takedowns/pull/59|#59 Create 0413-ads.md>

<https://github.com/cofacts/takedowns/pull/59|#59 Create 0413-ads.md>

Review on #59 Create 0413-ads.md

Review on #59 Create 0413-ads.md

Review on #59 Create 0413-ads.md

Review on #59 Create 0413-ads.md

<https://github.com/cofacts/takedowns/pull/59|#59 Create 0413-ads.md>

<https://github.com/cofacts/takedowns/pull/59|#59 Create 0413-ads.md>

<https://github.com/cofacts/rumors-site/issues/483|#483 Display image on Cofacts website>

<https://github.com/cofacts/rumors-site/issues/483|#483 [Image-M1] Display image on Cofacts website>

Blocked by: <https://github.com/cofacts/design/issues/1|cofacts/design#1> • Display image in Cofacts detail &amp; article list • Allow users to reply to images

<https://github.com/cofacts/design/issues/1|#1 [Image-M1] Design: display image in Cofacts website / LIFF>

Figma mockup for image display under the following context • Cofacts website: Article list • Cofacts website: Article detail • ~Cofacts LINE bot: list of found articles~ • In Image-M1 and M2, only 1 article (with 100% matching hash) will be returned, so no need for listing at this stage • Cofacts LINE bot: LIFF viewed article • Cofacts LINE bot: LIFF article detail

<https://github.com/cofacts/design/issues/1|#1 Design: display image in Cofacts website / LIFF>

Figma mockup for image display under the following context • Cofacts website: Article list • Cofacts website: Article detail • Cofacts LINE bot: list of found articles • Cofacts LINE bot: LIFF viewed article • Cofacts LINE bot: LIFF article detail

<https://github.com/cofacts/rumors-api/issues/277|#277 [Image-M1] Wrap image management / dedup mechanism into library>

<https://github.com/cofacts/rumors-api/issues/277|#277 [Image-M1] Wrap image management / dedup mechanism into library>

Move file upload &amp; hash generation code from <https://github.com/cofacts/rumors-api/pull/273|#273> to a separate Node.JS repository with the following functionality: • setup GCP credential • upload image • search for near duplicate result given a query image • documentation

<https://github.com/cofacts/rumors-line-bot/issues/304|#304 [Image-M2] LINE bot can search for images>

• User can forward images to Cofacts LINE bot • LINE bot can return image result • User can choose found images • LINE bot can return fact-checking replies to images Blocked by: • <https://github.com/cofacts/design/issues/1|cofacts/design#1> • <https://github.com/cofacts/rumors-api/pull/273|cofacts/rumors-api#273>

<https://github.com/cofacts/rumors-line-bot/issues/304|#304 [Image-M2] LINE bot can search for images>

• User can forward images to Cofacts LINE bot • LINE bot can return image result • There should be only 1 image result because similarity search is not in place in this case • User can choose found images • LINE bot can return fact-checking replies to images Blocked by: • <https://github.com/cofacts/design/issues/1|cofacts/design#1> • <https://github.com/cofacts/rumors-api/pull/273|cofacts/rumors-api#273>

<https://github.com/cofacts/rumors-line-bot/issues/305|#305 [Image-M2] LINE bot server image proxy>

• An endpoint for rumors-api to fetch images from LINE messaging API • Forwards image request to LINE messaging API's <https://developers.line.biz/en/reference/messaging-api/#get-content|Get content> endpoint • It's a streaming proxy; no temp file is stored on rumors-line-bot server

<https://github.com/cofacts/rumors-line-bot/issues/305|#305 [Image-M2] LINE bot server image proxy>

• An endpoint for rumors-api to fetch images from LINE messaging API • Forwards image request to LINE messaging API's <https://developers.line.biz/en/reference/messaging-api/#get-content|Get content> endpoint • It's a streaming proxy; no temp file is stored on rumors-line-bot server

<https://github.com/cofacts/rumors-line-bot/issues/306|#306 [Image-M2] LINE bot can submit new images>

Similar to submitting new text rumors, LINE bot should ask for source (if the image is from LINE) and ask for user's consent to submit this image to public database.

<https://github.com/cofacts/rumors-line-bot/issues/306|#306 [Image-M2] LINE bot can submit new images>

Similar to submitting new text rumors, LINE bot should ask for source (if the image is from LINE) and ask for user's consent to submit this image to public database.

image.png

cai 2022-04-14 20:22:54

快篩的今天記者會有記者提問