cofacts

Month: 2022-04

2022-04-01

Yang Yang 15:28:29
@ss880309 has joined the channel

2022-04-04

github2 02:47:23

<https://github.com/cofacts/rumors-api/pull/276|#276 Install pino logger and add query logging plug-in>

• Add an additional env var `LOG_REQUESTS` that will output request info for each incoming request • When `LOG_REQUESTS` exists, it also shows incoming GraphQL request, variables, and resolved user info • No change if `LOG_REQUESTS` do not exist in env var

github2 02:47:23

<https://github.com/cofacts/rumors-api/pull/276|#276 Install pino logger and add query logging plug-in>

This PR introduces optional request logging (toggled by env var) to make debugging GraphQL requests easier. • Add an additional env var `LOG_REQUESTS` that will output request info for each incoming request • Turning this flag on will introduce lots of logs, needs to be aware of disk size when it is turned on • When `LOG_REQUESTS` exists, it also shows incoming GraphQL request, variables, and resolved user info • No change if `LOG_REQUESTS` do not exist in env var

:white_check_mark: All checks have passed

github2 02:50:23

<https://github.com/cofacts/rumors-api/pull/276#issuecomment-1086926539|Comment on #276 Install pino logger and add query logging plug-in>

<https://coveralls.io/builds/47949955|Coverage Status> Coverage decreased (-0.2%) to 87.012% when pulling *<https://github.com/cofacts/rumors-api/commit/1485102feacea321a8d1a10576af4d2a8dd5ab68|1485102> on log-requests* into *<https://github.com/cofacts/rumors-api/commit/a709020aa38b1e8987308968e4c8b558525dcd51|a709020> on master*.

github2 02:50:23

<https://github.com/cofacts/rumors-api/pull/276#issuecomment-1086926539|Comment on #276 Install pino logger and add query logging plug-in>

<https://coveralls.io/builds/47949955|Coverage Status> Coverage decreased (-0.2%) to 87.012% when pulling *<https://github.com/cofacts/rumors-api/commit/1485102feacea321a8d1a10576af4d2a8dd5ab68|1485102> on log-requests* into *<https://github.com/cofacts/rumors-api/commit/a709020aa38b1e8987308968e4c8b558525dcd51|a709020> on master*.

cai 16:33:42
cofacts 網站新的熱門回報附有影片的,大概過一天?facebook就會有影片
cai 16:33:42
cofacts 網站新的熱門回報附有影片的,大概過一天?facebook就會有影片
cai 22:16:01
https://cofacts.tw/article/2vhq12xtn3ido 每當有疫情的時候舊串就會浮上來
cai 22:16:01
https://cofacts.tw/article/2vhq12xtn3ido 每當有疫情的時候舊串就會浮上來

2022-04-05

github2 00:18:59

<https://github.com/cofacts/rumors-line-bot/pull/301|#301 Fix "not identical" unit test by making test input and mock data more distinct>

Unit test on master branch is broken when we <https://github.com/cofacts/rumors-line-bot/pull/298|drop the similarity threshold to 0.8>. The broken test case is "groupMessage should handle input is not identical to article". The root cause is that the similarity between test input `我知道黑啤愛吃蠶寶寶哦!` and mockup `我不會說我知道黑啤愛吃蠶寶寶哦!` is higher than the new threshold 0.8. The test case is meant to be testing the behavior when test input is lower than the threshold. Therefore, this PR makes the test input more dissimilar with the mockup data, so that we can test the desired branch and thus fix the test. ``` const ss = require('string-similarity') ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦!', '我知道黑啤愛吃蠶寶寶哦!') // 0.8461538461538461 ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦!', '我知道黑啤愛吃兔寶寶哦!') // 0.6923076923076923 ```

:white_check_mark: All checks have passed

github2 00:18:59

<https://github.com/cofacts/rumors-line-bot/pull/301|#301 Fix "not identical" unit test by making test input and mock data more distinct>

Unit test on master branch is broken when we <https://github.com/cofacts/rumors-line-bot/pull/298|drop the similarity threshold to 0.8>. The broken test case is "groupMessage should handle input is not identical to article". The root cause is that the similarity between test input `我知道黑啤愛吃蠶寶寶哦!` and mockup `我不會說我知道黑啤愛吃蠶寶寶哦!` is higher than the new threshold 0.8. The test case is meant to be testing the behavior when test input is lower than the threshold. Therefore, this PR makes the test input more dissimilar with the mockup data, so that we can test the desired branch and thus fix the test. ``` const ss = require('string-similarity') ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦!', '我知道黑啤愛吃蠶寶寶哦!') // 0.8461538461538461 ss.compareTwoStrings('我不會說我知道黑啤愛吃蠶寶寶哦!', '我知道黑啤愛吃蛾哦!') // 0.5833333333333334 ```

2022-04-06

mrorz 18:33:49
今日議程
https://g0v.hackmd.io/@mrorz/cofacts-meeting-notes/%2FgyIJXbTqRnySbfeaPJcJew

HackMD

Cofacts 會議記錄 - HackMD

# Cofacts 會議記錄 ## 2022 - [20220406 會議記錄](/gyIJXbTqRnySbfeaPJcJew) - [20220330 會議記錄](/OdOwYeKjQsSy

2022-04-07

2022-04-08

fin 10:35:46
@finfin has joined the channel

2022-04-09

github2 08:09:55

<https://github.com/cofacts/rumors-fb-bot/pull/34|#34 Bump moment from 2.22.2 to 2.29.2>

Bumps <https://github.com/moment/moment|moment> from 2.22.2 to 2.29.2. Changelog _Sourced from <https://github.com/moment/moment/blob/develop/CHANGELOG.md|moment's changelog>._ &gt; *2.29.2 <https://gist.github.com/ichernev/1904b564f6679d9aac1ae08ce13bc45c|See full changelog>* &gt; &gt; • Release Apr 3 2022 &gt; &gt; Address <https://github.com/advisories/GHSA-8hfj-j24r-96c4|GHSA-8hfj-j24r-96c4> &gt; &gt; *2.29.1 <https://gist.github.com/marwahaha/cc478ba01a1292ab4bd4e861d164d99b|See full changelog>* &gt; &gt; • Release Oct 6, 2020 &gt; &gt; Updated deprecation message, bugfix in hi locale &gt; &gt; *2.29.0 <https://gist.github.com/marwahaha/b0111718641a6461800066549957ec14|See full changelog>* &gt; &gt; • Release Sept 22, 2020 &gt; &gt; New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: <https://momentjs.com/docs/#/-project-status/|https://momentjs.com/docs/#/-project-status/> &gt; &gt; *2.28.0 <https://gist.github.com/marwahaha/028fd6c2b2470b2804857cfd63c0e94f|See full changelog>* &gt; &gt; • Release Sept 13, 2020 &gt; &gt; Fix bug where .format() modifies original instance, and locale updates &gt; &gt; *2.27.0 <https://gist.github.com/marwahaha/5100c9c2f42019067b1f6cefc333daa7|See full changelog>* &gt; &gt; • Release June 18, 2020 &gt; &gt; Added Turkmen locale, other locale improvements, slight TypeScript fixes &gt; &gt; *2.26.0 <https://gist.github.com/marwahaha/0725c40740560854a849b096ea7b7590|See full changelog>* &gt; &gt; • Release May 19, 2020 &gt; &gt; TypeScript fixes and many locale improvements &gt; &gt; *2.25.3* &gt; &gt; • Release May 4, 2020 &gt; &gt; Remove package.json module property. It looks like webpack behaves differently for modules loaded via module vs jsnext:main. &gt; &gt; *2.25.2* &gt; &gt; • Release May 4, 2020 ... (truncated) Commits • <https://github.com/moment/moment/commit/75e2ac573e8cd62086a6bc6dc1b8d271e2804391|`75e2ac5`> Build 2.29.2 • <https://github.com/moment/moment/commit/5a2987758edc7d413d1248737d9d0d1b65a70450|`5a29877`> Bump version to 2.29.2 • <https://github.com/moment/moment/commit/4fd847b7a8c7065d88ba0a64b727660190dd45d7|`4fd847b`> Update changelog for 2.29.2 • <https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5|`4211bfc`> [bugfix] Avoid loading path-looking locales from fs • <https://github.com/moment/moment/commit/f2a813afcfd0dd6e63812ea74c46ecc627f6a6a6|`f2a813a`> [misc] Fix indentation (according to prettier) • <https://github.com/moment/moment/commit/7a10de889de64c2519f894a84a98030bec5022d9|`7a10de8`> [test] Avoid hours around DST • <https://github.com/moment/moment/commit/e96809208c9d1b1bbe22d605e76985770024de42|`e968092`> [locale] ar-ly: fix locale name (<https://github-redirect.dependabot.com/moment/moment/issues/5828|#5828>) • <https://github.com/moment/moment/commit/53d7ee6ad8c60c891571c7085db91831bbc095b4|`53d7ee6`> [misc] fix builds (<https://github-redirect.dependabot.com/moment/moment/issues/5836|#5836>) • <https://github.com/moment/moment/commit/52019f1dda47c3e598aaeaa4ac89d5a574641604|`52019f1`> [misc] Specify length of toArray return type (<https://github-redirect.dependabot.com/moment/moment/issues/5766|#5766>) • <https://github.com/moment/moment/commit/0dcaaa689d02dde824029b09ab6aa64ff351ee2e|`0dcaaa6`> [locale] tr: update translation of Monday and Saturday (<https://github-redirect.dependabot.com/moment/moment/issues/5756|#5756>) • Additional commits viewable in <https://github.com/moment/moment/compare/2.22.2...2.29.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/cofacts/rumors-fb-bot/network/alerts|Security Alerts page>.

github2 08:09:55

<https://github.com/cofacts/rumors-fb-bot/pull/34|#34 Bump moment from 2.22.2 to 2.29.2>

Bumps <https://github.com/moment/moment|moment> from 2.22.2 to 2.29.2. Changelog _Sourced from <https://github.com/moment/moment/blob/develop/CHANGELOG.md|moment's changelog>._ &gt; *2.29.2 <https://gist.github.com/ichernev/1904b564f6679d9aac1ae08ce13bc45c|See full changelog>* &gt; &gt; • Release Apr 3 2022 &gt; &gt; Address <https://github.com/advisories/GHSA-8hfj-j24r-96c4|GHSA-8hfj-j24r-96c4> &gt; &gt; *2.29.1 <https://gist.github.com/marwahaha/cc478ba01a1292ab4bd4e861d164d99b|See full changelog>* &gt; &gt; • Release Oct 6, 2020 &gt; &gt; Updated deprecation message, bugfix in hi locale &gt; &gt; *2.29.0 <https://gist.github.com/marwahaha/b0111718641a6461800066549957ec14|See full changelog>* &gt; &gt; • Release Sept 22, 2020 &gt; &gt; New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: <https://momentjs.com/docs/#/-project-status/|https://momentjs.com/docs/#/-project-status/> &gt; &gt; *2.28.0 <https://gist.github.com/marwahaha/028fd6c2b2470b2804857cfd63c0e94f|See full changelog>* &gt; &gt; • Release Sept 13, 2020 &gt; &gt; Fix bug where .format() modifies original instance, and locale updates &gt; &gt; *2.27.0 <https://gist.github.com/marwahaha/5100c9c2f42019067b1f6cefc333daa7|See full changelog>* &gt; &gt; • Release June 18, 2020 &gt; &gt; Added Turkmen locale, other locale improvements, slight TypeScript fixes &gt; &gt; *2.26.0 <https://gist.github.com/marwahaha/0725c40740560854a849b096ea7b7590|See full changelog>* &gt; &gt; • Release May 19, 2020 &gt; &gt; TypeScript fixes and many locale improvements &gt; &gt; *2.25.3* &gt; &gt; • Release May 4, 2020 &gt; &gt; Remove package.json module property. It looks like webpack behaves differently for modules loaded via module vs jsnext:main. &gt; &gt; *2.25.2* &gt; &gt; • Release May 4, 2020 ... (truncated) Commits • <https://github.com/moment/moment/commit/75e2ac573e8cd62086a6bc6dc1b8d271e2804391|`75e2ac5`> Build 2.29.2 • <https://github.com/moment/moment/commit/5a2987758edc7d413d1248737d9d0d1b65a70450|`5a29877`> Bump version to 2.29.2 • <https://github.com/moment/moment/commit/4fd847b7a8c7065d88ba0a64b727660190dd45d7|`4fd847b`> Update changelog for 2.29.2 • <https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5|`4211bfc`> [bugfix] Avoid loading path-looking locales from fs • <https://github.com/moment/moment/commit/f2a813afcfd0dd6e63812ea74c46ecc627f6a6a6|`f2a813a`> [misc] Fix indentation (according to prettier) • <https://github.com/moment/moment/commit/7a10de889de64c2519f894a84a98030bec5022d9|`7a10de8`> [test] Avoid hours around DST • <https://github.com/moment/moment/commit/e96809208c9d1b1bbe22d605e76985770024de42|`e968092`> [locale] ar-ly: fix locale name (<https://github-redirect.dependabot.com/moment/moment/issues/5828|#5828>) • <https://github.com/moment/moment/commit/53d7ee6ad8c60c891571c7085db91831bbc095b4|`53d7ee6`> [misc] fix builds (<https://github-redirect.dependabot.com/moment/moment/issues/5836|#5836>) • <https://github.com/moment/moment/commit/52019f1dda47c3e598aaeaa4ac89d5a574641604|`52019f1`> [misc] Specify length of toArray return type (<https://github-redirect.dependabot.com/moment/moment/issues/5766|#5766>) • <https://github.com/moment/moment/commit/0dcaaa689d02dde824029b09ab6aa64ff351ee2e|`0dcaaa6`> [locale] tr: update translation of Monday and Saturday (<https://github-redirect.dependabot.com/moment/moment/issues/5756|#5756>) • Additional commits viewable in <https://github.com/moment/moment/compare/2.22.2...2.29.2|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the <https://github.com/cofacts/rumors-fb-bot/network/alerts|Security Alerts page>.

cai 11:27:40
沒有放日本機器蛋那篇好可惜?
對耶 XDDD
但我好像小聚的時候有講,也算是無憾 (?
令人誤會的日本洗選工廠
cai 11:27:40
沒有放日本機器蛋那篇好可惜?
對耶 XDDD
但我好像小聚的時候有講,也算是無憾 (?
令人誤會的日本洗選工廠
kevindebruyne9944 11:45:20
@kevindebruyne9944 has joined the channel
github2 14:25:49

<https://github.com/cofacts/rumors-site/issues/481|#481 Category label is not updated after adding one category>

After adding a category, currently there is no any visual feedback that tells the user that the category is added. Current workaround: refresh the whole page Expected: UI should show that the category is added immediately (or shortly after API response)

github2 14:25:49

<https://github.com/cofacts/rumors-site/issues/481|#481 Category label is not updated after adding one category>

After adding a category, currently there is no any visual feedback that tells the user that the category is added. <https://user-images.githubusercontent.com/108608/162559676-022d4169-ba14-4525-a804-47b988fd6df0.gif|no-response> Current workaround: refresh the whole page Expected: UI should show that the category is added immediately (or shortly after API response)

github2 15:58:22

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846597368|Comment on #302 Revamp no reply flow>

I do have a question here. It seems that for most event handlers, we no longer return a `state` anymore. We choose to detect what "state" the user should go to in `handleInput` instead. If this is the case, should we still mutate `state` here?

github2 15:58:22

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846597368|Comment on #302 Revamp no reply flow>

I do have a question here. It seems that for most event handlers, we no longer return a `state` anymore. We choose to detect what "state" the user should go to in `handleInput` instead. If this is the case, should we still mutate `state` here?

github2 16:56:31

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846603268|Comment on #302 Revamp no reply flow>

No. I return `state: CHOOSING_REPLY` at line 127 is because `isSkipUser: true`, which makes `handleInput` continue `choosingReply`. Maybe we can consider calling `choosingReply` directly or use a callback function at line 127 and remove `isSkipUser` do-while loop in `handleInput`. Note: there's another `isSkipUser: true` in `initState`.

github2 16:56:31

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r846603268|Comment on #302 Revamp no reply flow>

No. I return `state: CHOOSING_REPLY` at line 127 is because `isSkipUser: true`, which makes `handleInput` continue `choosingReply`. Maybe we can consider calling `choosingReply` directly or use a callback function at line 127 and remove `isSkipUser` do-while loop in `handleInput`. Note: there's another `isSkipUser: true` in `initState`.

2022-04-10

cai 11:28:39
https://cofacts.tw/article/1earjxznpxpt7
https://memeprod.sgp1.digitaloceanspaces.com/user-wtf/1592403380354.jpg
夢裡什麼都有這張每隔幾天就出現欸

我是覺得這種點開圖之後就知道是在開玩笑的,應該沒有人會當真,所以沒有實質危害,不太需要勞師動眾或做裁罰 ._.
😆 4
cai 11:28:39
https://cofacts.tw/article/1earjxznpxpt7
https://memeprod.sgp1.digitaloceanspaces.com/user-wtf/1592403380354.jpg
夢裡什麼都有這張每隔幾天就出現欸
我是覺得這種點開圖之後就知道是在開玩笑的,應該沒有人會當真,所以沒有實質危害,不太需要勞師動眾或做裁罰 ._.

2022-04-11

2022-04-12

github2 10:59:30

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r847899926|Comment on #302 Revamp no reply flow>

Thanks! I will remove change regarding `state` returned here. I can try calling `choosingReply` in this handler to reduce the usage of `isSkipUser`. If there is any issue I can still keep using `isSkipUser`.

github2 10:59:30

<https://github.com/cofacts/rumors-line-bot/pull/302#discussion_r847899926|Comment on #302 Revamp no reply flow>

Thanks! I will remove change regarding `state` returned here. This should remove the code change on test fixtures and thus makes code changes cleaner. I can also try calling `choosingReply` in this handler to reduce the usage of `isSkipUser`, so expect some new snapshot changes regarding this. If there is any issue (like more unexpected changes required), I can still keep using `isSkipUser`.

2022-04-13

github2 06:46:59

<https://github.com/cofacts/rumors-fb-bot/pull/35|#35 Bump urijs from 1.19.1 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.1 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) &gt; &gt; *1.19.6 (February 13th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to rewrite `\` in scheme delimiter to `/` as Node and Browsers do - disclosed privately by <https://twitter.com/ynizry|Yaniv Nizry> from the CxSCA AppSec team at Checkmarx &gt; &gt; *1.19.5 (December 30th 2020)* &gt; &gt; • dropping jquery.URI.js from minified bundle accidentally added since v1.19.3 - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/404|#404>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/404|medialize/URI.js#404>) &gt; &gt; *1.19.4 (December 23rd 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - followed up to by <https://github.com/alesandroortiz|alesandroortiz> in [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/403|#403>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/403|medialize/URI.js#403>), relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.3 (December 20th 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - disclosed privately by <https://github.com/alesandroortiz|alesandroortiz>, relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.2 (October 20th 2019)* &gt; &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-build|`URI.build()`> to properly handle relative paths when a scheme is given - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/387|#387>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/387|medialize/URI.js#387>) &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-buildQuery|`URI.buildQuery()`> to properly handle empty param name - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/243|#243>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/243|medialize/URI.js#243>), [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/383|#383>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/383|medialize/URI.js#383>) &gt; • support Composer [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/386|#386>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/386|medialize/URI.js#386>) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.1...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you re…

github2 06:46:59

<https://github.com/cofacts/rumors-fb-bot/pull/35|#35 Bump urijs from 1.19.1 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.1 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) &gt; &gt; *1.19.6 (February 13th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to rewrite `\` in scheme delimiter to `/` as Node and Browsers do - disclosed privately by <https://twitter.com/ynizry|Yaniv Nizry> from the CxSCA AppSec team at Checkmarx &gt; &gt; *1.19.5 (December 30th 2020)* &gt; &gt; • dropping jquery.URI.js from minified bundle accidentally added since v1.19.3 - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/404|#404>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/404|medialize/URI.js#404>) &gt; &gt; *1.19.4 (December 23rd 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - followed up to by <https://github.com/alesandroortiz|alesandroortiz> in [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/403|#403>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/403|medialize/URI.js#403>), relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.3 (December 20th 2020)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseAuthority|`URI.parseAuthority()`> to rewrite `\` to `/` as Node and Browsers do - disclosed privately by <https://github.com/alesandroortiz|alesandroortiz>, relates to [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/233|#233>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/233|medialize/URI.js#233>) &gt; &gt; *1.19.2 (October 20th 2019)* &gt; &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-build|`URI.build()`> to properly handle relative paths when a scheme is given - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/387|#387>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/387|medialize/URI.js#387>) &gt; • fixing <http://medialize.github.io/URI.js/docs.html#static-buildQuery|`URI.buildQuery()`> to properly handle empty param name - [Issue <https://github-redirect.dependabot.com/medialize/URI.js/issues/243|#243>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/243|medialize/URI.js#243>), [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/383|#383>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/383|medialize/URI.js#383>) &gt; • support Composer [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/386|#386>](<https://github-redirect.dependabot.com/medialize/URI.js/issues/386|medialize/URI.js#386>) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.1...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you re…

github2 07:30:48

<https://github.com/cofacts/rumors-site/pull/482|#482 Bump urijs from 1.19.6 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.6 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.6...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current review…

:white_check_mark: All checks have passed

github2 07:30:48

<https://github.com/cofacts/rumors-site/pull/482|#482 Bump urijs from 1.19.6 to 1.19.11>

Bumps <https://github.com/medialize/URI.js|urijs> from 1.19.6 to 1.19.11. Release notes _Sourced from <https://github.com/medialize/URI.js/releases|urijs's releases>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Changelog _Sourced from <https://github.com/medialize/URI.js/blob/gh-pages/CHANGELOG.md|urijs's changelog>._ &gt; *1.19.11 (April 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive slashes in scheme-relative URLs - disclosed by <https://github.com/zeyu2001|zeyu2001> via <https://huntr.dev/|https://huntr.dev/> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> remove `\r` (CR), `\n`, (LF) `\t` (TAB) - disclosed by <https://github.com/haxatron|haxatron> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.10 (March 5th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle excessive colons in protocol delimiter - disclosed by <https://github.com/huydoppa|huydoppa> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.9 (March 3rd 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> handle leading whitespace - disclosed by <https://github.com/p0cas|p0cas> via <https://huntr.dev/|https://huntr.dev/> &gt; &gt; *1.19.8 (February 15th 2022)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> treat scheme case-insenstivie when handling excessive slackes and backslashes - [PR <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412>](<https://github-redirect.dependabot.com/medialize/URI.js/pull/412|medialize/URI.js#412>) by <https://github.com/r0hanSH|r0hanSH> &gt; &gt; *1.19.7 (July 14th 2021)* &gt; &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parseQuery|`URI.parseQuery()`> to prevent overwriting `__proto__` in parseQuery() - disclosed privately by <https://github.com/NewEraCracker|`@​NewEraCracker`> &gt; • *SECURITY* fixing <http://medialize.github.io/URI.js/docs.html#static-parse|`URI.parse()`> to handle variable amounts of `\` and `/` in scheme delimiter as Node and Browsers do - disclosed privately by <https://github.com/ready-research|ready-research> via <https://huntr.dev/|https://huntr.dev/> &gt; • removed obsolete build tools &gt; • updated jQuery versions (verifying compatibility with 1.12.4, 2.2.4, 3.6.0) Commits • <https://github.com/medialize/URI.js/commit/b655c1b972111ade9f181b02374305942e68e30a|`b655c1b`> chore(build): bumping to version 1.19.11 • <https://github.com/medialize/URI.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae|`b0c9796`> fix(parse): handle CR,LF,TAB • <https://github.com/medialize/URI.js/commit/88805fd3da03bd7a5e60947adb49d182011f1277|`88805fd`> fix(parse): handle excessive slashes in scheme-relative URLs • <https://github.com/medialize/URI.js/commit/926b2aa1099f177f82d0a998da4b43e69fe56ec8|`926b2aa`> chore(build): bumping to version 1.19.10 • <https://github.com/medialize/URI.js/commit/a8166fe02f3af6dc1b2b888dcbb807155aad9509|`a8166fe`> fix(parse): handle excessive colons in scheme delimiter • <https://github.com/medialize/URI.js/commit/01920b5cda87d5dd726eab43d6e7f3ce34a2fd52|`01920b5`> chore(build): bumping to version 1.19.9 • <https://github.com/medialize/URI.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316|`86d1052`> fix(parse): remove leading whitespace • <https://github.com/medialize/URI.js/commit/efae1e56bd80d78478ffb8bcb8a75ee2c0f1031b|`efae1e5`> chore(build): bumping to version 1.19.8 • <https://github.com/medialize/URI.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f|`6ea641c`> fix(parse): case insensitive scheme - <https://github-redirect.dependabot.com/medialize/URI.js/issues/412|#412> • <https://github.com/medialize/URI.js/commit/19e54c78d5864aec43986e8f96be8d15998daa80|`19e54c7`> chore(build): bumping to version 1.19.7 • Additional commits viewable in <https://github.com/medialize/URI.js/compare/v1.19.6...v1.19.11|compare view> <https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores|Dependabot compatibility score> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. * * * Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: • `@dependabot rebase` will rebase this PR • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it • `@dependabot merge` will merge this PR after your CI passes on it • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it • `@dependabot cancel merge` will cancel a previously requested merge and block automerging • `@dependabot reopen` will reopen this PR if it is closed • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language • `@dependabot use these reviewers` will set the current review…

github2 07:32:59

<https://github.com/cofacts/rumors-site/pull/482#issuecomment-1097361278|Comment on #482 Bump urijs from 1.19.6 to 1.19.11>

<https://coveralls.io/builds/48231192|Coverage Status> Coverage remained the same at 73.942% when pulling *<https://github.com/cofacts/rumors-site/commit/5d63be008c5fe4264c3291f8253857beb17c57c7|5d63be0> on dependabot/npm_and_yarn/urijs-1.19.11* into *<https://github.com/cofacts/rumors-site/commit/61c7e77da047d69bc2173c456ca0ca4a69be5d78|61c7e77> on master*.

github2 07:32:59

<https://github.com/cofacts/rumors-site/pull/482#issuecomment-1097361278|Comment on #482 Bump urijs from 1.19.6 to 1.19.11>

<https://coveralls.io/builds/48231192|Coverage Status> Coverage remained the same at 73.942% when pulling *<https://github.com/cofacts/rumors-site/commit/5d63be008c5fe4264c3291f8253857beb17c57c7|5d63be0> on dependabot/npm_and_yarn/urijs-1.19.11* into *<https://github.com/cofacts/rumors-site/commit/61c7e77da047d69bc2173c456ca0ca4a69be5d78|61c7e77> on master*.

Ying 15:35:01
@averyying2022 has joined the channel
github2 21:01:53

<https://github.com/cofacts/rumors-site/issues/483|#483 [Image-M1] Display image on Cofacts website>

Blocked by: <https://github.com/cofacts/design/issues/1|cofacts/design#1> • Display image in Cofacts detail &amp; article list • Allow users to reply to images

github2 21:03:03

<https://github.com/cofacts/design/issues/1|#1 [Image-M1] Design: display image in Cofacts website / LIFF>

Figma mockup for image display under the following context • Cofacts website: Article list • Cofacts website: Article detail • ~Cofacts LINE bot: list of found articles~ • In Image-M1 and M2, only 1 article (with 100% matching hash) will be returned, so no need for listing at this stage • Cofacts LINE bot: LIFF viewed article • Cofacts LINE bot: LIFF article detail

github2 21:03:03

<https://github.com/cofacts/design/issues/1|#1 Design: display image in Cofacts website / LIFF>

Figma mockup for image display under the following context • Cofacts website: Article list • Cofacts website: Article detail • Cofacts LINE bot: list of found articles • Cofacts LINE bot: LIFF viewed article • Cofacts LINE bot: LIFF article detail

github2 21:09:28

<https://github.com/cofacts/rumors-api/issues/277|#277 [Image-M1] Wrap image management / dedup mechanism into library>

Move file upload &amp; hash generation code from <https://github.com/cofacts/rumors-api/pull/273|#273> to a separate Node.JS repository with the following functionality: • setup GCP credential • upload image • search for near duplicate result given a query image • documentation

github2 21:16:46

<https://github.com/cofacts/rumors-line-bot/issues/304|#304 [Image-M2] LINE bot can search for images>

• User can forward images to Cofacts LINE bot • LINE bot can return image result • User can choose found images • LINE bot can return fact-checking replies to images Blocked by: • <https://github.com/cofacts/design/issues/1|cofacts/design#1> • <https://github.com/cofacts/rumors-api/pull/273|cofacts/rumors-api#273>

github2 21:16:46

<https://github.com/cofacts/rumors-line-bot/issues/304|#304 [Image-M2] LINE bot can search for images>

• User can forward images to Cofacts LINE bot • LINE bot can return image result • There should be only 1 image result because similarity search is not in place in this case • User can choose found images • LINE bot can return fact-checking replies to images Blocked by: • <https://github.com/cofacts/design/issues/1|cofacts/design#1> • <https://github.com/cofacts/rumors-api/pull/273|cofacts/rumors-api#273>

github2 21:21:19

<https://github.com/cofacts/rumors-line-bot/issues/305|#305 [Image-M2] LINE bot server image proxy>

• An endpoint for rumors-api to fetch images from LINE messaging API • Forwards image request to LINE messaging API's <https://developers.line.biz/en/reference/messaging-api/#get-content|Get content> endpoint • It's a streaming proxy; no temp file is stored on rumors-line-bot server

github2 21:21:19

<https://github.com/cofacts/rumors-line-bot/issues/305|#305 [Image-M2] LINE bot server image proxy>

• An endpoint for rumors-api to fetch images from LINE messaging API • Forwards image request to LINE messaging API's <https://developers.line.biz/en/reference/messaging-api/#get-content|Get content> endpoint • It's a streaming proxy; no temp file is stored on rumors-line-bot server

github2 21:22:53

<https://github.com/cofacts/rumors-line-bot/issues/306|#306 [Image-M2] LINE bot can submit new images>

Similar to submitting new text rumors, LINE bot should ask for source (if the image is from LINE) and ask for user's consent to submit this image to public database.

github2 21:22:53

<https://github.com/cofacts/rumors-line-bot/issues/306|#306 [Image-M2] LINE bot can submit new images>

Similar to submitting new text rumors, LINE bot should ask for source (if the image is from LINE) and ask for user's consent to submit this image to public database.

2022-04-14

mrorz 18:47:57
免費快篩訊息大量發生中!!
image.png
快篩的今天記者會有記者提問
😱 1
cai 20:22:24
為什麼會出現實聯制+1+2的謠言阿
這個超多
跟錢有關的大家傳很勤
免費快篩也是錢
今天記者會有記者提問這題,但台上台下認知好像有差異
事實查核中心的報告也是
https://tfc-taiwan.org.tw/articles/7204

所以要先釐清被匡列是指被衛生局匡列,還是只是收到細胞簡訊?
其實 MyGoPen 有訪到網傳當事人,也就是說這個訊息應該是民眾的真實體驗
https://www.mygopen.com/2022/04/pcr-free.html

我的想法是這樣
1. 疫調人員透過簡訊實聯匡列送簡訊,確實只會送給傳簡訊的那個人
2. 但透過簡訊實聯制框到的都只是時空有重疊的「接觸者」,不一定「密切接觸」也還沒有發現確診。跟這個人同行的 +1、+2 的這些人,就只是「一起有時空重疊」而已。
3. 在醫院現場,他們要負責把關是否要公費採檢。即使「理論上」+1 的人和送簡訊的人風險是一樣大的,所以送簡訊的人若可以公費、+1 的人也應該要符合資格,但「實務上」醫院端很難驗證「這兩個人真的有一起出席」,自然會用最保守的方式認定,也就是只讓收到疫調簡訊的人公費採檢,其他自費。
4. 如果收到簡訊的人日後採檢確診了,那這些 +1 的人還是會被疫調到(只是可能晚一波)。不過,現在的防疫方向也是走「減緩上升」而不是要做到「滴水不漏」,漏掉那些 +1、+2 的應該也還好。不過,可以想像這些 +1 在疫調實務上,確實造成掃碼的人困擾、也造成疫調通知上稍慢,所以 MyGoPen 訪到的、執行框列的單位也坦言,其實每個人都掃的話最有效也最方便,畢竟在有必要時可以在系統上一次撈出來通知。
cai 20:22:24
為什麼會出現實聯制+1+2的謠言阿
這個超多
跟錢有關的大家傳很勤
免費快篩也是錢
今天記者會有記者提問這題,但台上台下認知好像有差異
事實查核中心的報告也是
https://tfc-taiwan.org.tw/articles/7204

所以要先釐清被匡列是指被衛生局匡列,還是只是收到細胞簡訊?
其實 MyGoPen 有訪到網傳當事人,也就是說這個訊息應該是民眾的真實體驗
https://www.