Update dependency webrick to v1.8.2 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
webrick	1.8.1 -> 1.8.2

GitHub Vulnerability Alerts

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

---

Release Notes

ruby/webrick (webrick)

v1.8.2

Compare Source

What's Changed

• Drop commented-out line by @​olleolleolle in https://github.com/ruby/webrick/pull/108
• Add Ruby 3.1 & 3.2 to CI matrix by @​tricknotes in https://github.com/ruby/webrick/pull/109
• Fix/redos by @​ooooooo-q in https://github.com/ruby/webrick/pull/114
• Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @​jeremyevans in https://github.com/ruby/webrick/pull/120
• Bump actions/checkout from 3 to 4 by @​dependabot in https://github.com/ruby/webrick/pull/121
• Improve CI by @​hsbt in https://github.com/ruby/webrick/pull/123
• Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @​KJTsanaktsidis in https://github.com/ruby/webrick/pull/128
• Fix bug chunk extension detection by @​jeremyevans in https://github.com/ruby/webrick/pull/125
• Fix CI. by @​ioquatix in https://github.com/ruby/webrick/pull/131
• Merge multiple cookie headers, preserving semantic correctness. by @​ioquatix in https://github.com/ruby/webrick/pull/130
• Test on macos-latest by @​byroot in https://github.com/ruby/webrick/pull/132
• Require CRLF line endings in request line and headers by @​jeremyevans in https://github.com/ruby/webrick/pull/138
• Prefer squigly heredocs. by @​ioquatix in https://github.com/ruby/webrick/pull/143
• Only strip space and horizontal tab in headers by @​jeremyevans in https://github.com/ruby/webrick/pull/141
• Treat missing CRLF separator after headers as an EOFError by @​jeremyevans in https://github.com/ruby/webrick/pull/142
• Return 400 response for chunked requests with unexpected data after chunk by @​jeremyevans in https://github.com/ruby/webrick/pull/136
• Fix reference to URI::REGEXP::PATTERN::HOST by @​casperisfine in https://github.com/ruby/webrick/pull/144
• Prevent request smuggling by @​jeremyevans in https://github.com/ruby/webrick/pull/146

New Contributors

• @​tricknotes made their first contribution in https://github.com/ruby/webrick/pull/109
• @​ooooooo-q made their first contribution in https://github.com/ruby/webrick/pull/114
• @​KJTsanaktsidis made their first contribution in https://github.com/ruby/webrick/pull/128
• @​byroot made their first contribution in https://github.com/ruby/webrick/pull/132
• @​casperisfine made their first contribution in https://github.com/ruby/webrick/pull/144

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.