oss-fuzz

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	92bce305b4	build(deps-dev): bump rexml from 3.3.3 to 3.3.6 in /docs in the bundler group (#12515 ) Bumps the bundler group in /docs with 1 update: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.3.3 to 3.3.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/releases">rexml's releases</a>.</em></p> <blockquote> <h2>REXML 3.3.6 - 2024-08-22</h2> <h3>Improvements</h3> <ul> <li> <p>Removed duplicated entity expansions for performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/194">GH-194</a></li> <li>Patch by Viktor Ivarsson.</li> </ul> </li> <li> <p>Improved namespace conflicted attribute check performance. It was too slow for deep elements.</p> <ul> <li>Reported by l33thaxor.</li> </ul> </li> </ul> <h3>Fixes</h3> <ul> <li> <p>Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/198">GH-198</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/199">GH-199</a></li> <li>Patch Viktor Ivarsson</li> </ul> </li> <li> <p>Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/191">GH-191</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Fixed a stream parser bug that user-defined entity references in text aren't expanded.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/200">GH-200</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> </ul> <h3>Thanks</h3> <ul> <li> <p>Viktor Ivarsson</p> </li> <li> <p>NAITOH Jun</p> </li> <li> <p>l33thaxor</p> </li> </ul> <h2>REXML 3.3.5 - 2024-08-12</h2> <h3>Fixes</h3> <ul> <li>Fixed a bug that <code>REXML::Security.entity_expansion_text_limit</code> check has wrong text size calculation in SAX and pull parsers. <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/193">GH-193</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/195">GH-195</a></li> <li>Reported by Viktor Ivarsson.</li> <li>Patch by NAITOH Jun.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/blob/master/NEWS.md">rexml's changelog</a>.</em></p> <blockquote> <h2>3.3.6 - 2024-08-22 {#version-3-3-6}</h2> <h3>Improvements</h3> <ul> <li> <p>Removed duplicated entity expansions for performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/194">GH-194</a></li> <li>Patch by Viktor Ivarsson.</li> </ul> </li> <li> <p>Improved namespace conflicted attribute check performance. It was too slow for deep elements.</p> <ul> <li>Reported by l33thaxor.</li> </ul> </li> </ul> <h3>Fixes</h3> <ul> <li> <p>Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/198">GH-198</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/199">GH-199</a></li> <li>Patch Viktor Ivarsson</li> </ul> </li> <li> <p>Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/191">GH-191</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Fixed a stream parser bug that user-defined entity references in text aren't expanded.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/200">GH-200</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> </ul> <h3>Thanks</h3> <ul> <li> <p>Viktor Ivarsson</p> </li> <li> <p>NAITOH Jun</p> </li> <li> <p>l33thaxor</p> </li> </ul> <h2>3.3.5 - 2024-08-12 {#version-3-3-5}</h2> <h3>Fixes</h3> <ul> <li>Fixed a bug that <code>REXML::Security.entity_expansion_text_limit</code> check has wrong text size calculation in SAX and pull parsers. <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/193">GH-193</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/195">GH-195</a></li> <li>Reported by Viktor Ivarsson.</li> <li>Patch by NAITOH Jun.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`95871f399e`"><code>95871f3</code></a> Add 3.3.6 entry</li> <li><a href="`7cb5eaeb22`"><code>7cb5eae</code></a> parser tree: improve namespace conflicted attribute check performance</li> <li><a href="`6109e0183c`"><code>6109e01</code></a> Fix a bug that Stream parser doesn't expand the user-defined entity reference...</li> <li><a href="`cb158582f1`"><code>cb15858</code></a> parser: keep the current namespaces instead of stack of Set</li> <li><a href="`2b47b161db`"><code>2b47b16</code></a> parser: move duplicated end tag check to BaseParser</li> <li><a href="`35e1681a17`"><code>35e1681</code></a> test tree-parser: move common method to base class</li> <li><a href="`6e00a14daf`"><code>6e00a14</code></a> test: fix indent</li> <li><a href="`df3a0cc830`"><code>df3a0cc</code></a> test: fix indent</li> <li><a href="`fdbffe744b`"><code>fdbffe7</code></a> Use loop instead of recursive call for Element#namespace</li> <li><a href="`6422fa3449`"><code>6422fa3</code></a> Use loop instead of recursive call for Element#root</li> <li>Additional commits viewable in <a href="https://github.com/ruby/rexml/compare/v3.3.3...v3.3.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rexml&package-manager=bundler&previous-version=3.3.3&new-version=3.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-19 09:10:34 -04:00
dependabot[bot]	32a0eb55d4	build(deps-dev): bump rexml from 3.2.8 to 3.3.3 in /docs in the bundler group (#12303 ) Bumps the bundler group in /docs with 1 update: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.2.8 to 3.3.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/releases">rexml's releases</a>.</em></p> <blockquote> <h2>REXML 3.3.3 - 2024-08-01</h2> <h3>Improvements</h3> <ul> <li> <p>Added support for detecting invalid XML that has unsupported content before root element</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/184">GH-184</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Added support for <code>REXML::Security.entity_expansion_limit=</code> and <code>REXML::Security.entity_expansion_text_limit=</code> in SAX2 and pull parsers</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/187">GH-187</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Added more tests for invalid XMLs.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/183">GH-183</a></li> <li>Patch by Watson.</li> </ul> </li> <li> <p>Added more performance tests.</p> <ul> <li>Patch by Watson.</li> </ul> </li> <li> <p>Improved parse performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/186">GH-186</a></li> <li>Patch by tomoya ishida.</li> </ul> </li> </ul> <h3>Thanks</h3> <ul> <li> <p>NAITOH Jun</p> </li> <li> <p>Watson</p> </li> <li> <p>tomoya ishida</p> </li> </ul> <h2>REXML 3.3.2 - 2024-07-16</h2> <h3>Improvements</h3> <ul> <li> <p>Improved parse performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/160">GH-160</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Improved parse performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/169">GH-169</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/170">GH-170</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/171">GH-171</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/172">GH-172</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/173">GH-173</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/174">GH-174</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/175">GH-175</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/176">GH-176</a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/blob/master/NEWS.md">rexml's changelog</a>.</em></p> <blockquote> <h2>3.3.3 - 2024-08-01 {#version-3-3-3}</h2> <h3>Improvements</h3> <ul> <li> <p>Added support for detecting invalid XML that has unsupported content before root element</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/184">GH-184</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Added support for <code>REXML::Security.entity_expansion_limit=</code> and <code>REXML::Security.entity_expansion_text_limit=</code> in SAX2 and pull parsers</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/187">GH-187</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Added more tests for invalid XMLs.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/183">GH-183</a></li> <li>Patch by Watson.</li> </ul> </li> <li> <p>Added more performance tests.</p> <ul> <li>Patch by Watson.</li> </ul> </li> <li> <p>Improved parse performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/186">GH-186</a></li> <li>Patch by tomoya ishida.</li> </ul> </li> </ul> <h3>Thanks</h3> <ul> <li> <p>NAITOH Jun</p> </li> <li> <p>Watson</p> </li> <li> <p>tomoya ishida</p> </li> </ul> <h2>3.3.2 - 2024-07-16 {#version-3-3-2}</h2> <h3>Improvements</h3> <ul> <li> <p>Improved parse performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/160">GH-160</a></li> <li>Patch by NAITOH Jun.</li> </ul> </li> <li> <p>Improved parse performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/169">GH-169</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/170">GH-170</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/171">GH-171</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/172">GH-172</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/173">GH-173</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/174">GH-174</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/175">GH-175</a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`e4a067e112`"><code>e4a067e</code></a> Add 3.3.3 entry</li> <li><a href="`17ff3e7874`"><code>17ff3e7</code></a> test: add a performance test for attribute list declaration</li> <li><a href="`be86b3de0a`"><code>be86b3d</code></a> test: fix wrong test name</li> <li><a href="`b93d790b36`"><code>b93d790</code></a> test: use double quote for string literal</li> <li><a href="`0fbe7d5a0e`"><code>0fbe7d5</code></a> test: don't use abbreviated name</li> <li><a href="`1599e8785f`"><code>1599e87</code></a> test: add a performance test for PI with many tabs</li> <li><a href="`e2546e6eca`"><code>e2546e6</code></a> parse pi: improve invalid case detection</li> <li><a href="`73661ef281`"><code>73661ef</code></a> test: fix a typo</li> <li><a href="`850488abf2`"><code>850488a</code></a> test: use double quote for string literal</li> <li><a href="`46c6397d5c`"><code>46c6397</code></a> test: add performance tests for entity declaration</li> <li>Additional commits viewable in <a href="https://github.com/ruby/rexml/compare/v3.2.8...v3.3.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rexml&package-manager=bundler&previous-version=3.2.8&new-version=3.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-18 11:17:14 -04:00
dependabot[bot]	368993df0a	build(deps-dev): bump the bundler group across 1 directory with 2 updates (#11962 ) Bumps the bundler group with 2 updates in the /docs directory: [nokogiri](https://github.com/sparklemotion/nokogiri) and [rexml](https://github.com/ruby/rexml). Updates `nokogiri` from 1.16.2 to 1.16.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.16.5 / 2024-05-13</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7">GHSA-r95h-9x8f-r3f7</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7">v2.12.7</a> from v2.12.6. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874 nokogiri-1.16.5-aarch64-linux.gem 23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec nokogiri-1.16.5-arm-linux.gem 950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214 nokogiri-1.16.5-arm64-darwin.gem b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989 nokogiri-1.16.5-java.gem ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e nokogiri-1.16.5-x64-mingw-ucrt.gem 6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107 nokogiri-1.16.5-x64-mingw32.gem abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4 nokogiri-1.16.5-x86-linux.gem 63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4 nokogiri-1.16.5-x86-mingw32.gem 71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279 nokogiri-1.16.5-x86_64-darwin.gem 0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97 nokogiri-1.16.5-x86_64-linux.gem ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2 nokogiri-1.16.5.gem </code></pre> <h2>v1.16.4 / 2024-04-10</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored zlib in the precompiled native gems is updated to <a href="https://zlib.net/ChangeLog.txt">v1.3.1</a> from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see <a href="https://github.com/sparklemotion/nokogiri/discussions/3168">this discussion</a> about removing the compression libraries altogether in a future version of Nokogiri.</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5 nokogiri-1.16.4-aarch64-linux.gem 0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a nokogiri-1.16.4-arm-linux.gem 8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196 nokogiri-1.16.4-arm64-darwin.gem bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc nokogiri-1.16.4-java.gem a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae nokogiri-1.16.4-x64-mingw-ucrt.gem 4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468 nokogiri-1.16.4-x64-mingw32.gem d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5 nokogiri-1.16.4-x86-linux.gem d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168 nokogiri-1.16.4-x86-mingw32.gem a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628 nokogiri-1.16.4-x86_64-darwin.gem 92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31 nokogiri-1.16.4-x86_64-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.16.5</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7">GHSA-r95h-9x8f-r3f7</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7">v2.12.7</a> from v2.12.6. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h2>v1.16.4 / 2024-04-10</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored zlib in the precompiled native gems is updated to <a href="https://zlib.net/ChangeLog.txt">v1.3.1</a> from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see <a href="https://github.com/sparklemotion/nokogiri/discussions/3168">this discussion</a> about removing the compression libraries altogether in a future version of Nokogiri.</li> </ul> <h2>v1.16.3 / 2024-03-15</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6">v2.12.6</a> from v2.12.5. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Changed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> sets the <code>@encoding</code> instance variable during reading if it is not passed into the initializer. Previously, it would remain <code>nil</code>. The behavior of <code>Reader#encoding</code> has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`cd70bd3dc9`"><code>cd70bd3</code></a> version bump to v1.16.5</li> <li><a href="`afc36de553`"><code>afc36de</code></a> dep: update vendored libxml2 to v2.12.7 (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3191">#3191</a>)</li> <li><a href="`41b4f0846d`"><code>41b4f08</code></a> ci: add arm64-darwin coverage using macos-14</li> <li><a href="`67b9e863a6`"><code>67b9e86</code></a> dep: update libxml2 to v2.12.7</li> <li><a href="`17c0362082`"><code>17c0362</code></a> version bump to v1.16.4</li> <li><a href="`1c329e9c09`"><code>1c329e9</code></a> dep: update to zlib 1.3.1 (v1.16.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3175">#3175</a>)</li> <li><a href="`edeac07bb2`"><code>edeac07</code></a> dep: update to zlib 1.3.1</li> <li><a href="`80fb6085c0`"><code>80fb608</code></a> version bump to v1.16.3</li> <li><a href="`710bd96d70`"><code>710bd96</code></a> dep: update libxml 2.12.6 (branch v1.16.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3151">#3151</a>)</li> <li><a href="`461a96ea16`"><code>461a96e</code></a> fix: Reader#read sets <a href="https://github.com/encoding"><code>@encoding</code></a> if it is unset</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.16.2...v1.16.5">compare view</a></li> </ul> </details> <br /> Updates `rexml` from 3.2.5 to 3.2.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/releases">rexml's releases</a>.</em></p> <blockquote> <h2>REXML 3.2.8 - 2024-05-16</h2> <h3>Fixes</h3> <ul> <li>Suppressed a warning</li> </ul> <h2>REXML 3.2.7 - 2024-05-16</h2> <h3>Improvements</h3> <ul> <li> <p>Improve parse performance by using <code>StringScanner</code>.</p> <ul> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/106">GH-106</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/107">GH-107</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/108">GH-108</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/109">GH-109</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/112">GH-112</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/113">GH-113</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/114">GH-114</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/115">GH-115</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/116">GH-116</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/117">GH-117</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/118">GH-118</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/119">GH-119</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/121">GH-121</a></p> </li> <li> <p>Patch by NAITOH Jun.</p> </li> </ul> </li> <li> <p>Improved parse performance when an attribute has many <code><</code>s.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/124">GH-124</a></li> </ul> </li> </ul> <h3>Fixes</h3> <ul> <li> <p>XPath: Fixed a bug of <code>normalize_space(array)</code>.</p> <ul> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/110">GH-110</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/111">GH-111</a></p> </li> <li> <p>Patch by flatisland.</p> </li> </ul> </li> <li> <p>XPath: Fixed a bug that wrong position is used with nested path.</p> <ul> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/110">GH-110</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/122">GH-122</a></p> </li> <li> <p>Reported by jcavalieri.</p> </li> <li> <p>Patch by NAITOH Jun.</p> </li> </ul> </li> <li> <p>Fixed a bug that an exception message can't be generated for invalid encoding XML.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/blob/master/NEWS.md">rexml's changelog</a>.</em></p> <blockquote> <h2>3.2.8 - 2024-05-16 {#version-3-2-8}</h2> <h3>Fixes</h3> <ul> <li>Suppressed a warning</li> </ul> <h2>3.2.7 - 2024-05-16 {#version-3-2-7}</h2> <h3>Improvements</h3> <ul> <li> <p>Improve parse performance by using <code>StringScanner</code>.</p> <ul> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/106">GH-106</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/107">GH-107</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/108">GH-108</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/109">GH-109</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/112">GH-112</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/113">GH-113</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/114">GH-114</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/115">GH-115</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/116">GH-116</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/117">GH-117</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/118">GH-118</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/119">GH-119</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/121">GH-121</a></p> </li> <li> <p>Patch by NAITOH Jun.</p> </li> </ul> </li> <li> <p>Improved parse performance when an attribute has many <code><</code>s.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/124">GH-124</a></li> </ul> </li> </ul> <h3>Fixes</h3> <ul> <li> <p>XPath: Fixed a bug of <code>normalize_space(array)</code>.</p> <ul> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/110">GH-110</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/111">GH-111</a></p> </li> <li> <p>Patch by flatisland.</p> </li> </ul> </li> <li> <p>XPath: Fixed a bug that wrong position is used with nested path.</p> <ul> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/110">GH-110</a></p> </li> <li> <p><a href="https://redirect.github.com/ruby/rexml/issues/122">GH-122</a></p> </li> <li> <p>Reported by jcavalieri.</p> </li> <li> <p>Patch by NAITOH Jun.</p> </li> </ul> </li> <li> <p>Fixed a bug that an exception message can't be generated for</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`1cf37bab79`"><code>1cf37ba</code></a> Add 3.2.8 entry</li> <li><a href="`b67081caa8`"><code>b67081c</code></a> Remove an unused variable (<a href="https://redirect.github.com/ruby/rexml/issues/128">#128</a>)</li> <li><a href="`94e180e939`"><code>94e180e</code></a> Suppress a warning</li> <li><a href="`d574ba5fe1`"><code>d574ba5</code></a> ci: install only gems required for running tests (<a href="https://redirect.github.com/ruby/rexml/issues/129">#129</a>)</li> <li><a href="`4670f8fc18`"><code>4670f8f</code></a> Add missing Thanks section</li> <li><a href="`9ba35f9f03`"><code>9ba35f9</code></a> Bump version</li> <li><a href="`085def0742`"><code>085def0</code></a> Add 3.2.7 entry</li> <li><a href="`4325835f92`"><code>4325835</code></a> Read quoted attributes in chunks (<a href="https://redirect.github.com/ruby/rexml/issues/126">#126</a>)</li> <li><a href="`e77365e2d1`"><code>e77365e</code></a> Exclude older than 2.6 on macos-14</li> <li><a href="`bf2c8edb5f`"><code>bf2c8ed</code></a> Move development dependencies to Gemfile (<a href="https://redirect.github.com/ruby/rexml/issues/124">#124</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ruby/rexml/compare/v3.2.5...v3.2.8">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-05-20 08:34:54 -04:00
dependabot[bot]	5a6fc533e1	build(deps-dev): bump nokogiri from 1.14.3 to 1.16.2 in /docs (#11572 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.3 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d nokogiri-1.16.2-aarch64-linux.gem 6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57 nokogiri-1.16.2-arm-linux.gem c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8 nokogiri-1.16.2-arm64-darwin.gem 122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310 nokogiri-1.16.2-java.gem 7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074 nokogiri-1.16.2-x64-mingw-ucrt.gem a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd nokogiri-1.16.2-x64-mingw32.gem 833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323 nokogiri-1.16.2-x86-linux.gem e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53 nokogiri-1.16.2-x86-mingw32.gem 5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539 nokogiri-1.16.2-x86_64-darwin.gem 5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe nokogiri-1.16.2-x86_64-linux.gem 68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c nokogiri-1.16.2.gem </code></pre> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@stevecheckoway</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>a541f35e5b9798a0c97300f9ee18f4217da2a2945a6d5499e4123b9018f9cafc nokogiri-1.16.1-aarch64-linux.gem 6b82affd195000ab2f9c36cc08744ec2d2fcf6d8da88d59a2db67e83211f7c69 nokogiri-1.16.1-arm-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@stevecheckoway</code></a>)</li> </ul> <h2>v1.16.0 / 2023-12-27</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.3.</p> <p>This release ends support for Ruby 2.7, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2023-03-31</a>.</p> <h4>Pattern matching</h4> <p>This version marks <em>official support</em> for the pattern matching API in <code>XML::Attr</code>, <code>XML::Document</code>, <code>XML::DocumentFragment</code>, <code>XML::Namespace</code>, <code>XML::Node</code>, and <code>XML::NodeSet</code> (and their subclasses), originally introduced as an experimental feature in v1.14.0. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</p> <p>Documentation on what can be matched:</p> <ul> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Attr.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Attr#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Document.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Document#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Namespace.html?h=deconstruct+namespace#method-i-deconstruct_keys"><code>XML::Namespace#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Node.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Node#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/DocumentFragment.html?h=deconstruct#method-i-deconstruct"><code>XML::DocumentFragment#deconstruct</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/NodeSet.html?h=deconstruct#method-i-deconstruct"><code>XML::NodeSet#deconstruct</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`673756fdd6`"><code>673756f</code></a> version bump to v1.16.2</li> <li><a href="`74ffd67a8e`"><code>74ffd67</code></a> dep: update libxml to 2.12.5 (branch v1.16.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3122">#3122</a>)</li> <li><a href="`0d4018dc70`"><code>0d4018d</code></a> dep: update libxml2 to v2.12.5</li> <li><a href="`f33a25f437`"><code>f33a25f</code></a> dep: remove patch from <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3112">#3112</a> which has been released upstream</li> <li><a href="`e99416896a`"><code>e994168</code></a> version bump to v1.16.1</li> <li><a href="`77ea2f228c`"><code>77ea2f2</code></a> dev: add files to manifest ignore list</li> <li><a href="`756f27c6b7`"><code>756f27c</code></a> build(deps): bump actions/{download,upload}-artifact from 3 to 4</li> <li><a href="`464f8d41eb`"><code>464f8d4</code></a> .gitignore: clangd-related files</li> <li><a href="`2beeb96069`"><code>2beeb96</code></a> doc: update CHANGELOG</li> <li><a href="`a26536d7a4`"><code>a26536d</code></a> fix: apply upstream patch for in-context parsing (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.14.3...v1.16.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.14.3&new-version=1.16.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-21 11:14:27 -05:00
dependabot[bot]	5dc040c2bb	build(deps-dev): bump activesupport from 7.0.4.3 to 7.0.7.2 in /docs (#10879 ) Bumps [activesupport](https://github.com/rails/rails) from 7.0.4.3 to 7.0.7.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/releases">activesupport's releases</a>.</em></p> <blockquote> <h2>7.0.7.2 release</h2> <p>No changes between this and 7.0.7.2. This release was just to fix file permissions in the previous release.</p> <h2>7.0.7.1</h2> <h2>Active Support</h2> <ul> <li> <p>Use a temporary file for storing unencrypted files while editing</p> <p>[CVE-2023-38037]</p> </li> </ul> <h2>Active Model</h2> <ul> <li>No changes.</li> </ul> <h2>Active Record</h2> <ul> <li>No changes.</li> </ul> <h2>Action View</h2> <ul> <li>No changes.</li> </ul> <h2>Action Pack</h2> <ul> <li>No changes.</li> </ul> <h2>Active Job</h2> <ul> <li>No changes.</li> </ul> <h2>Action Mailer</h2> <ul> <li>No changes.</li> </ul> <h2>Action Cable</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/blob/v7.0.7.2/activesupport/CHANGELOG.md">activesupport's changelog</a>.</em></p> <blockquote> <h2>Rails 7.0.7.2 (August 22, 2023)</h2> <ul> <li>No changes.</li> </ul> <h2>Rails 7.0.7.1 (August 22, 2023)</h2> <ul> <li> <p>Use a temporary file for storing unencrypted files while editing</p> <p>[CVE-2023-38037]</p> </li> </ul> <h2>Rails 7.0.7 (August 09, 2023)</h2> <ul> <li> <p>Fix <code>Cache::NullStore</code> with local caching for repeated reads.</p> <p><em>fatkodima</em></p> </li> <li> <p>Fix <code>to_s</code> with no arguments not respecting custom <code>:default</code> formats</p> <p><em>Hartley McGuire</em></p> </li> <li> <p>Fix <code>ActiveSupport::Inflector.humanize(nil)</code> raising <code>NoMethodError: undefined method `end_with?' for nil:NilClass</code>.</p> <p><em>James Robinson</em></p> </li> <li> <p>Fix <code>Enumerable#sum</code> for <code>Enumerator#lazy</code>.</p> <p><em>fatkodima</em>, <em>Matthew Draper</em>, <em>Jonathan Hefner</em></p> </li> <li> <p>Improve error message when EventedFileUpdateChecker is used without a compatible version of the Listen gem</p> <p><em>Hartley McGuire</em></p> </li> </ul> <h2>Rails 7.0.6 (June 29, 2023)</h2> <ul> <li> <p>Fix <code>EncryptedConfiguration</code> returning incorrect values for some <code>Hash</code> methods</p> <p><em>Hartley McGuire</em></p> </li> <li> <p>Fix arguments being destructed <code>Enumerable#many?</code> with block.</p> <p><em>Andrew Novoselac</em></p> </li> <li> <p>Fix humanize for strings ending with id.</p> <p><em>fatkodima</em></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`3668b4b597`"><code>3668b4b</code></a> Preparing for 7.0.7.2 release</li> <li><a href="`2294b8b27a`"><code>2294b8b</code></a> Bumping version</li> <li><a href="`c92caefc2b`"><code>c92caef</code></a> Preparing for 7.0.7.1 release</li> <li><a href="`936587d49b`"><code>936587d</code></a> updating version / changelog</li> <li><a href="`a21d6edf35`"><code>a21d6ed</code></a> Use a temporary file for storing unencrypted files while editing</li> <li><a href="`522c86f35c`"><code>522c86f</code></a> Preparing for 7.0.7 release</li> <li><a href="`5610cbacc5`"><code>5610cba</code></a> Sync CHANGELOG with the changes in the repository</li> <li><a href="`7e9ffc2e13`"><code>7e9ffc2</code></a> Fix to_s not using :default format with no args</li> <li><a href="`a8e88e2e4f`"><code>a8e88e2</code></a> Fix <code>Cache::NullStore</code> with local caching for repeated reads</li> <li><a href="`b18b9df65e`"><code>b18b9df</code></a> Merge pull request <a href="https://redirect.github.com/rails/rails/issues/48800">#48800</a> from robinjam/fix-humanize-nil</li> <li>Additional commits viewable in <a href="https://github.com/rails/rails/compare/v7.0.4.3...v7.0.7.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=activesupport&package-manager=bundler&previous-version=7.0.4.3&new-version=7.0.7.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-28 12:49:45 -04:00
dependabot[bot]	4f0dd2adcb	build(deps-dev): bump commonmarker from 0.23.9 to 0.23.10 in /docs (#10811 ) Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.9 to 0.23.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.10</h2> <h2>What's Changed</h2> <ul> <li>Update to 0.29.0.gfm.13 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/247">gjtorikian/commonmarker#247</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.9...v0.23.10">https://github.com/gjtorikian/commonmarker/compare/v0.23.9...v0.23.10</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/v0.23.10/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h2>[v0.23.10] (2023-07-31)</h2> <ul> <li>Update GFM release to <a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12"><code>0.29.0.gfm.12</code></a> and <a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.13"><code>0.29.0.gfm.13</code></a>, thereby <a href="https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5">fixing a polynomial time complexity security vulnerability</a>.</li> <li>Of note to users of this library, GFM releases <code>0.29.0.gfm.12</code> and <code>0.29.0.gfm.13</code> also: <ul> <li>Normalized marker row vs. delimiter row nomenclature (<a href="https://redirect.github.com/github/cmark-gfm/pull/273">#273</a>)</li> <li>Exposed CMARK_NODE_FOOTNOTE_DEFINITION literal value (<a href="https://redirect.github.com/github/cmark-gfm/pull/336">#336</a>)</li> </ul> </li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.4">v0.23.4</a> (2022-03-03)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.2...v0.23.4">Full Changelog</a></p> <p><strong>Fixed bugs:</strong></p> <ul> <li><code>#render_html</code> way slower than <code>#render_doc.to_html</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/141">#141</a></li> </ul> <p><strong>Closed issues:</strong></p> <ul> <li>allow keeping text content of unknown tags <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/169">#169</a></li> <li>STRIKETHROUGH_DOUBLE_TILDE not working <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/168">#168</a></li> <li>Allow disabling 4-space code blocks <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/167">#167</a></li> <li>tables with escaped pipes are not recognized <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/166">#166</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>CI: Drop a duplicate 'bundle install' <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/173">#173</a> (<a href="https://github.com/olleolleolle">olleolleolle</a>)</li> <li>CI: Drop duplicate bundle install <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/172">#172</a> (<a href="https://github.com/olleolleolle">olleolleolle</a>)</li> <li>Fixup benchmark and speedup a little, fixes <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/141">#141</a> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/171">#171</a> (<a href="https://github.com/ojab">ojab</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.2">v0.23.2</a> (2021-09-17)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.1...v0.23.2">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Update GFM release to <code>0.29.0.gfm.2</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/148">#148</a> (<a href="https://github.com/phillmv">phillmv</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.1">v0.23.1</a> (2021-09-03)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.0...v0.23.1">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Incorrect processing of list and next block of code <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/146">#146</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Normalize parse and render options <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/145">#145</a> (<a href="https://github.com/phillmv">phillmv</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.0">v0.23.0</a> (2021-08-30)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`db8cd377b5`"><code>db8cd37</code></a> Merge pull request <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/247">#247</a> from anticomputer/update-to-0.29.0.gfm.13</li> <li><a href="`e1e450c381`"><code>e1e450c</code></a> 💎 release 0.23.10</li> <li><a href="`08b7c4b96c`"><code>08b7c4b</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/587a12bb5">https://github.com/github/cmark-gfm/commit/587a12bb5</a>...</li> <li><a href="`d0e81e2392`"><code>d0e81e2</code></a> I've used this version of the update_submodules script for several releases, ...</li> <li>See full diff in <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.9...v0.23.10">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commonmarker&package-manager=bundler&previous-version=0.23.9&new-version=0.23.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-08-09 12:54:20 -04:00
dependabot[bot]	63fe031ba5	build(deps): bump commonmarker from 0.23.7 to 0.23.9 in /docs (#10065 ) Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.7 to 0.23.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.9</h2> <h2>What's Changed</h2> <ul> <li>Update to 0.29.0.gfm.11 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/236">gjtorikian/commonmarker#236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v0.23.9">https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v0.23.9</a></p> <h2>v0.23.8</h2> <h2>What's Changed</h2> <ul> <li>Update cmark-upstream to <code>0.29.0.gfm.9</code> by <a href="https://github.com/smockle"><code>@smockle</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/227">gjtorikian/commonmarker#227</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/smockle"><code>@smockle</code></a> made their first contribution in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/227">gjtorikian/commonmarker#227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.8">https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.8</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre9">v1.0.0.pre9</a> (2023-03-28)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre8...v1.0.0.pre9">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Updates from upstream <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/235">#235</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump comrak from 0.16.0 to 0.17.1 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/234">#234</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.5.1 to 0.5.2 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/233">#233</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Add ability to load <code>tmtheme</code>s from a folder <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/232">#232</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump magnus from 0.5.0 to 0.5.1 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/231">#231</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.4 to 0.5.0 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/230">#230</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Test the new integrated rb-sys <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/228">#228</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre8">v1.0.0.pre8</a> (2023-03-09)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v1.0.0.pre8">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Something changed in how header anchors are named in the output HTML <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/229">#229</a></li> <li>Problem with CommonMarker on an Azure VM <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/226">#226</a></li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.8">v0.23.8</a> (2023-01-31)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre7...v0.23.8">Full Changelog</a></p> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre7">v1.0.0.pre7</a> (2023-01-26)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v1.0.0.pre7">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Bump comrak from 0.15.0 to 0.16.0 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/225">#225</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Change <code>unsafe_</code> to <code>unsafe</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/220">#220</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Clarify syntax highlighter plugin usage in README <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/218">#218</a> (<a href="https://github.com/DannyBen">DannyBen</a>)</li> <li>Fix a couple of misleading README points <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/215">#215</a> (<a href="https://github.com/DannyBen">DannyBen</a>)</li> <li>remove gemspec <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/214">#214</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Add shortcodes/emoji <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/210">#210</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`42cfc90251`"><code>42cfc90</code></a> Merge pull request <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/236">#236</a> from anticomputer/update-to-0.29.0.gfm.10</li> <li><a href="`d793fbf451`"><code>d793fbf</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/1e230827a">https://github.com/github/cmark-gfm/commit/1e230827a</a>...</li> <li><a href="`4e4588f2e0`"><code>4e4588f</code></a> Update Makefile for export header consolidation</li> <li><a href="`2eb8ca8f2f`"><code>2eb8ca8</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/c8dcdc71c">https://github.com/github/cmark-gfm/commit/c8dcdc71c</a>...</li> <li><a href="`bbb49db722`"><code>bbb49db</code></a> HtmlRenderer: don't nest <strong></li> <li><a href="`f303e6bae7`"><code>f303e6b</code></a> 💎 release 0.23.9</li> <li><a href="`d6fe4c8be4`"><code>d6fe4c8</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/dcf6b3862">https://github.com/github/cmark-gfm/commit/dcf6b3862</a>...</li> <li><a href="`94c0af96f0`"><code>94c0af9</code></a> Merge pull request <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/227">#227</a> from gjtorikian/update-to-0.29.0.gfm.9</li> <li><a href="`5249f70a97`"><code>5249f70</code></a> 💎 release 0.23.8</li> <li><a href="`85c205798f`"><code>85c2057</code></a> Added aria-label changes to test-footnotes.rb</li> <li>Additional commits viewable in <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commonmarker&package-manager=bundler&previous-version=0.23.7&new-version=0.23.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>	2023-04-14 08:20:12 -04:00
dependabot[bot]	b9fd3a17ef	build(deps): bump nokogiri from 1.13.10 to 1.14.3 in /docs (#10066 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.14.3 / 2023-04-11</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq">GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4">v2.10.4</a> from v2.10.3.</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>9cc53dd8d92868a0f5bcee44396357a19f95e32d8b9754092622a25bc954c60c nokogiri-1.14.3-aarch64-linux.gem 320fa1836b8e59e86a804baee534893bcf3b901cc255bbec6d87f3dd3e431610 nokogiri-1.14.3-arm-linux.gem 67dd4ac33a8cf0967c521fa57e5a5422db39da8a9d131aaa2cd53deaa12be4cd nokogiri-1.14.3-arm64-darwin.gem 13969ec7f41d9cff46fc7707224c55490a519feef7cfea727c6945c5b444caa2 nokogiri-1.14.3-java.gem 9885085249303461ee08f9a9b161d0a570391b8f5be0316b3ac5a6d9a947e1e2 nokogiri-1.14.3-x64-mingw-ucrt.gem 997943d7582a23ad6e7a0abe081d0d40d2c1319a6b2749f9b30fd18037f0c38a nokogiri-1.14.3-x64-mingw32.gem 58c30b763aebd62dc4222385509d7f83ac398ee520490fadc4b6d7877e29895a nokogiri-1.14.3-x86-linux.gem e1d58a5c56c34aab71b00901a969e19bf9f7322ee459b4e9380f433213887c04 nokogiri-1.14.3-x86-mingw32.gem f0a1ed1460a91fd2daf558357f4c0ceac6d994899da1bf98431aeda301e4dc74 nokogiri-1.14.3-x86_64-darwin.gem e323a7c654ef846e64582fb6e26f6fed869a96753f8e048ff723e74d8005cb11 nokogiri-1.14.3-x86_64-linux.gem 3b1cee0eb8879e9e25b6dd431be597ca68f20283b0d4f4ca986521fad107dc3a nokogiri-1.14.3.gem </code></pre> <h2>1.14.2 / 2023-02-13</h2> <h3>Fixed</h3> <ul> <li>Calling <code>NodeSet#to_html</code> on an empty node set no longer raises an encoding-related exception. This bug was introduced in v1.14.0 while fixing <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2649">#2649</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2784">#2784</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre lang="text"><code>966acf4f6c1fba10518f86498141cf44265564ac5a65dcc8496b65f8c354f776 nokogiri-1.14.2-aarch64-linux.gem 8a3a35cadae4a800ddc0b967394257343d62196d9d059b54e38cf067981db428 nokogiri-1.14.2-arm-linux.gem 81404cd014ecb597725c3847523c2ee365191a968d0b5f7d857e03f388c57631 nokogiri-1.14.2-arm64-darwin.gem 0a39222af14e75eb0243e8d969345e03b90c0e02b0f33c61f1ebb6ae53538bb5 nokogiri-1.14.2-java.gem 62a18f9213a0ceeaf563d1bc7ccfd93273323c4356ded58a5617c59bc4635bc5 nokogiri-1.14.2-x64-mingw-ucrt.gem 54f6ac2c15a7a88f431bb5e23f4616aa8fc97a92eb63336bcf65b7050f2d3be0 nokogiri-1.14.2-x64-mingw32.gem c42fa0856f01f901954898e28c3c2b4dce0e843056b1b126f441d06e887e1b77 nokogiri-1.14.2-x86-linux.gem f940d9c8e47b0f19875465376f2d1c8911bc9489ac9a48c124579819dc4a7f19 nokogiri-1.14.2-x86-mingw32.gem 2508978f5ca28944919973f6300f0a7355fbe72604ab6a6913f1630be1030265 nokogiri-1.14.2-x86_64-darwin.gem bc6405e1f3ddac6e401f82d775f1c0c24c6e58c371b3fadaca0596d5d511e476 nokogiri-1.14.2-x86_64-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.14.3 / 2023-04-11</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq">GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4">v2.10.4</a> from v2.10.3.</li> </ul> <h2>1.14.2 / 2023-02-13</h2> <h3>Fixed</h3> <ul> <li>Calling <code>NodeSet#to_html</code> on an empty node set no longer raises an encoding-related exception. This bug was introduced in v1.14.0 while fixing <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2649">#2649</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2784">#2784</a>]</li> </ul> <h2>1.14.1 / 2023-01-30</h2> <h3>Fixed</h3> <ul> <li>Serializing documents now works again with pseudo-IO objects that don't support IO's encoding API (like rubyzip's <code>Zip::OutputStream</code>). This was a regression in v1.14.0 due to the fix for <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/752">#752</a> in <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2434">#2434</a>, and was not completely fixed by <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2753">#2753</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2773">#2773</a>]</li> <li>[CRuby] Address compiler warnings about <code>void*</code> casting and old-style C function definitions.</li> </ul> <h2>1.14.0 / 2023-01-12</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.2. (Also see "Technical note" under "Changed" below.)</p> <p>This release ends support for:</p> <ul> <li>Ruby 2.6, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2022-04-12</a>.</li> <li>JRuby 9.3, which is not fully compatible with Ruby 2.7+</li> </ul> <h4>Faster, more reliable installation: Native Gem for <code>aarch64-linux</code> (aka <code>linux/arm64/v8</code>)</h4> <p>This version of Nokogiri ships <em>official</em> native gem support for the <code>aarch64-linux</code> platform, which should support AWS Graviton and other ARM64 Linux platforms. Please note that glibc >= 2.29 is required for aarch64-linux systems, see <a href="https://nokogiri.org/#supported-platforms">Supported Platforms</a> for more information.</p> <h4>Faster, more reliable installation: Native Gem for <code>arm-linux</code> (aka <code>linux/arm/v7</code>)</h4> <p>This version of Nokogiri ships <em>experimental</em> native gem support for the <code>arm-linux</code> platform. Please note that glibc >= 2.29 is required for arm-linux systems, see <a href="https://nokogiri.org/#supported-platforms">Supported Platforms</a> for more information.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`e8d2f4a829`"><code>e8d2f4a</code></a> version bump to v1.14.3</li> <li><a href="`59fbc7b6d5`"><code>59fbc7b</code></a> doc: update CHANGELOG for v1.14.3</li> <li><a href="`347eacbeea`"><code>347eacb</code></a> Merge pull request <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2852">#2852</a> from sparklemotion/flavorjones-libxml2-2.10.4-backport</li> <li><a href="`36b0b3355d`"><code>36b0b33</code></a> dep: update libxml2 to 2.10.4 from 2.10.3</li> <li><a href="`ac83e6ee70`"><code>ac83e6e</code></a> test: update behavior of namespaces in HTML4</li> <li><a href="`2cf4996c52`"><code>2cf4996</code></a> test: make default GC behavior "normal"</li> <li><a href="`1580121eea`"><code>1580121</code></a> version bump to v1.14.2</li> <li><a href="`530947753e`"><code>5309477</code></a> Merge pull request <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2791">#2791</a> from sparklemotion/2784-encoding-empty-strings-v1.14.x</li> <li><a href="`975ae491c4`"><code>975ae49</code></a> doc: update CHANGELOG</li> <li><a href="`f13cdb4640`"><code>f13cdb4</code></a> fix: empty node set serialization when document encoding is nil</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.14.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.13.10&new-version=1.14.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-14 08:07:03 -04:00
dependabot[bot]	c9914cb385	build(deps): bump commonmarker from 0.23.6 to 0.23.7 in /docs (#9496 ) Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.6 to 0.23.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.7</h2> <h2>What's Changed</h2> <ul> <li>C API stable test by <a href="https://github.com/gjtorikian"><code>@gjtorikian</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201">gjtorikian/commonmarker#201</a></li> <li>Update to 29.0.gfm.7 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/224">gjtorikian/commonmarker#224</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7</a></p> <h2>v0.23.7.pre1</h2> <h2>What's Changed</h2> <ul> <li>C API stable test by <a href="https://github.com/gjtorikian"><code>@gjtorikian</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201">gjtorikian/commonmarker#201</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre6">v1.0.0.pre6</a> (2023-01-09)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre5...v1.0.0.pre6">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Cargo.lock prevents Ruby 3.2.0 from installing commonmarker v1.0.0.pre4 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/211">#211</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>always use rb_sys (don't use Ruby's emerging cargo tooling where available) <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/213">#213</a> (<a href="https://github.com/kivikakk">kivikakk</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre5">v1.0.0.pre5</a> (2023-01-08)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre4...v1.0.0.pre5">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Provide 3.2 build support <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/212">#212</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre4">v1.0.0.pre4</a> (2022-12-28)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre3...v1.0.0.pre4">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Will the cmark-gfm branch continue to be maintained for awhile? <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/207">#207</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Implement native syntax highlighting <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/209">#209</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump magnus from 0.4.3 to 0.4.4 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/208">#208</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.2 to 0.4.3 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/206">#206</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump comrak from 0.14.0 to 0.15.0 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/205">#205</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.1 to 0.4.2 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/204">#204</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre3">v1.0.0.pre3</a> (2022-11-30)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre.2...v1.0.0.pre3">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Code block incorrectly parsed in commonmarker 1.0.0.pre <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/202">#202</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Windows build <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/197">#197</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`734fd86c97`"><code>734fd86</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/224">#224</a> from gjtorikian/update-to-29.0.gfm.7</li> <li><a href="`2e724ec52a`"><code>2e724ec</code></a> Turned off Rubocop.</li> <li><a href="`9c923b0bfd`"><code>9c923b0</code></a> 💎 release 0.23.7</li> <li><a href="`30419c25e8`"><code>30419c2</code></a> Added call to cmark_init_standard_node_flags()</li> <li><a href="`9007c3798f`"><code>9007c37</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/57d5e093e">https://github.com/github/cmark-gfm/commit/57d5e093e</a>...</li> <li><a href="`1cfec13373`"><code>1cfec13</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/201">#201</a> from gjtorikian/c-api-stable-test</li> <li><a href="`bbf631b413`"><code>bbf631b</code></a> lint</li> <li><a href="`5b807a115d`"><code>5b807a1</code></a> ease up</li> <li><a href="`9a24e6d2fe`"><code>9a24e6d</code></a> Test fake version</li> <li><a href="`d8a43bc73a`"><code>d8a43bc</code></a> Allow for manual dispatch</li> <li>Additional commits viewable in <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commonmarker&package-manager=bundler&previous-version=0.23.6&new-version=0.23.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-24 19:43:27 -05:00
jonathanmetzman	2c347b059b	Upgrade activesupport (#9499 )	2023-01-24 19:40:39 -05:00
jonathanmetzman	8df1de8725	Update activesupport (#9495 )	2023-01-24 15:06:51 -05:00
dependabot[bot]	ade3ed3b9d	build(deps): bump nokogiri from 1.13.9 to 1.13.10 in /docs (#9165 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.9 to 1.13.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.13.10 / 2022-12-07</h2> <h3>Security</h3> <ul> <li>[CRuby] Address CVE-2022-23476, unchecked return value from <code>xmlTextReaderExpand</code>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj">GHSA-qv4q-mr5r-qprj</a> for more information.</li> </ul> <h3>Improvements</h3> <ul> <li>[CRuby] <code>XML::Reader#attribute_hash</code> now returns <code>nil</code> on parse errors. This restores the behavior of <code>#attributes</code> from v1.13.7 and earlier. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2715">#2715</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>777ce2e80f64772e91459b943e531dfef387e768f2255f9bc7a1655f254bbaa1 nokogiri-1.13.10-aarch64-linux.gem b432ff47c51386e07f7e275374fe031c1349e37eaef2216759063bc5fa5624aa nokogiri-1.13.10-arm64-darwin.gem 73ac581ddcb680a912e92da928ffdbac7b36afd3368418f2cee861b96e8c830b nokogiri-1.13.10-java.gem 916aa17e624611dddbf2976ecce1b4a80633c6378f8465cff0efab022ebc2900 nokogiri-1.13.10-x64-mingw-ucrt.gem 0f85a1ad8c2b02c166a6637237133505b71a05f1bb41b91447005449769bced0 nokogiri-1.13.10-x64-mingw32.gem 91fa3a8724a1ce20fccbd718dafd9acbde099258183ac486992a61b00bb17020 nokogiri-1.13.10-x86-linux.gem d6663f5900ccd8f72d43660d7f082565b7ffcaade0b9a59a74b3ef8791034168 nokogiri-1.13.10-x86-mingw32.gem 81755fc4b8130ef9678c76a2e5af3db7a0a6664b3cba7d9fe8ef75e7d979e91b nokogiri-1.13.10-x86_64-darwin.gem 51d5246705dedad0a09b374d09cc193e7383a5dd32136a690a3cd56e95adf0a3 nokogiri-1.13.10-x86_64-linux.gem d3ee00f26c151763da1691c7fc6871ddd03e532f74f85101f5acedc2d099e958 nokogiri-1.13.10.gem </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.13.10 / 2022-12-07</h2> <h3>Security</h3> <ul> <li>[CRuby] Address CVE-2022-23476, unchecked return value from <code>xmlTextReaderExpand</code>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj">GHSA-qv4q-mr5r-qprj</a> for more information.</li> </ul> <h3>Improvements</h3> <ul> <li>[CRuby] <code>XML::Reader#attribute_hash</code> now returns <code>nil</code> on parse errors. This restores the behavior of <code>#attributes</code> from v1.13.7 and earlier. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2715">#2715</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4c80121dc3`"><code>4c80121</code></a> version bump to v1.13.10</li> <li><a href="`85410e3841`"><code>85410e3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2715">#2715</a> from sparklemotion/flavorjones-fix-reader-error-hand...</li> <li><a href="`9fe0761c47`"><code>9fe0761</code></a> fix(cruby): XML::Reader#attribute_hash returns nil on error</li> <li><a href="`3b9c736bee`"><code>3b9c736</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2717">#2717</a> from sparklemotion/flavorjones-lock-psych-to-fix-bui...</li> <li><a href="`2efa87b49a`"><code>2efa87b</code></a> test: skip large cdata test on system libxml2</li> <li><a href="`3187d6739c`"><code>3187d67</code></a> dep(dev): pin psych to v4 until v5 builds in CI</li> <li><a href="`a16b4bf14c`"><code>a16b4bf</code></a> style(rubocop): disable Minitest/EmptyLineBeforeAssertionMethods</li> <li>See full diff in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.13.9...v1.13.10">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.13.9&new-version=1.13.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-12 10:51:55 -05:00
dependabot[bot]	3682b65805	build(deps): bump nokogiri from 1.13.8 to 1.13.9 in /docs (#8827 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.8 to 1.13.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.13.9 / 2022-10-18</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2309">CVE-2022-2309</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">CVE-2022-40304</a>, and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">CVE-2022-40303</a>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw">GHSA-2qc6-mcvw-92cw</a> for more information.</li> <li>[CRuby] Vendored zlib is updated to address <a href="https://ubuntu.com/security/CVE-2022-37434">CVE-2022-37434</a>. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2626">#2626</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3">v2.10.3</a> from v2.9.14.</li> <li>[CRuby] Vendored libxslt is updated to <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.37">v1.1.37</a> from v1.1.35.</li> <li>[CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See <a href="https://github.com/sparklemotion/nokogiri/blob/v1.13.x/LICENSE-DEPENDENCIES.md#platform-releases">LICENSE-DEPENDENCIES.md</a> for details on which packages redistribute this library.)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Nokogiri::XML::Namespace</code> objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>] (Thanks, <a href="https://github.com/eightbitraptor"><code>@eightbitraptor</code></a> and <a href="https://github.com/peterzhu2118"><code>@peterzhu2118</code></a>!)</li> <li>[CRuby] <code>Document#remove_namespaces!</code> now defers freeing the underlying <code>xmlNs</code> struct until the <code>Document</code> is GCed. Previously, maintaining a reference to a <code>Namespace</code> object that was removed in this way could lead to a segfault. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>9b69829561d30c4461ea803baeaf3460e8b145cff7a26ce397119577a4083a02 nokogiri-1.13.9-aarch64-linux.gem e76ebb4b7b2e02c72b2d1541289f8b0679fb5984867cf199d89b8ef485764956 nokogiri-1.13.9-arm64-darwin.gem 15bae7d08bddeaa898d8e3f558723300137c26a2dc2632a1f89c8574c4467165 nokogiri-1.13.9-java.gem f6a1dbc7229184357f3129503530af73cc59ceba4932c700a458a561edbe04b9 nokogiri-1.13.9-x64-mingw-ucrt.gem 36d935d799baa4dc488024f71881ff0bc8b172cecdfc54781169c40ec02cbdb3 nokogiri-1.13.9-x64-mingw32.gem ebaf82aa9a11b8fafb67873d19ee48efb565040f04c898cdce8ca0cd53ff1a12 nokogiri-1.13.9-x86-linux.gem 11789a2a11b28bc028ee111f23311461104d8c4468d5b901ab7536b282504154 nokogiri-1.13.9-x86-mingw32.gem 01830e1646803ff91c0fe94bc768ff40082c6de8cfa563dafd01b3f7d5f9d795 nokogiri-1.13.9-x86_64-darwin.gem 8e93b8adec22958013799c8690d81c2cdf8a90b6f6e8150ab22e11895844d781 nokogiri-1.13.9-x86_64-linux.gem 96f37c1baf0234d3ae54c2c89aef7220d4a8a1b03d2675ff7723565b0a095531 nokogiri-1.13.9.gem </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.13.9 / 2022-10-18</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2309">CVE-2022-2309</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">CVE-2022-40304</a>, and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">CVE-2022-40303</a>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw">GHSA-2qc6-mcvw-92cw</a> for more information.</li> <li>[CRuby] Vendored zlib is updated to address <a href="https://ubuntu.com/security/CVE-2022-37434">CVE-2022-37434</a>. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2626">#2626</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3">v2.10.3</a> from v2.9.14.</li> <li>[CRuby] Vendored libxslt is updated to <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.37">v1.1.37</a> from v1.1.35.</li> <li>[CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See <a href="https://github.com/sparklemotion/nokogiri/blob/v1.13.x/LICENSE-DEPENDENCIES.md#platform-releases">LICENSE-DEPENDENCIES.md</a> for details on which packages redistribute this library.)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Nokogiri::XML::Namespace</code> objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>] (Thanks, <a href="https://github.com/eightbitraptor"><code>@eightbitraptor</code></a> and <a href="https://github.com/peterzhu2118"><code>@peterzhu2118</code></a>!)</li> <li>[CRuby] <code>Document#remove_namespaces!</code> now defers freeing the underlying <code>xmlNs</code> struct until the <code>Document</code> is GCed. Previously, maintaining a reference to a <code>Namespace</code> object that was removed in this way could lead to a segfault. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`897759cc25`"><code>897759c</code></a> version bump to v1.13.9</li> <li><a href="`aeb1ac3283`"><code>aeb1ac3</code></a> doc: update CHANGELOG</li> <li><a href="`c663e4905a`"><code>c663e49</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2671">#2671</a> from sparklemotion/flavorjones-update-zlib-1.2.13_v1...</li> <li><a href="`212e07da28`"><code>212e07d</code></a> ext: hack to cross-compile zlib v1.2.13 on darwin</li> <li><a href="`76dbc8c5be`"><code>76dbc8c</code></a> dep: update zlib to v1.2.13</li> <li><a href="`24e3a9c414`"><code>24e3a9c</code></a> doc: update CHANGELOG</li> <li><a href="`4db3b4daa9`"><code>4db3b4d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2668">#2668</a> from sparklemotion/flavorjones-namespace-scopes-comp...</li> <li><a href="`73d73d6e43`"><code>73d73d6</code></a> fix: Document#remove_namespaces! use-after-free bug</li> <li><a href="`5f58b34724`"><code>5f58b34</code></a> fix: namespace nodes behave properly when compacted</li> <li><a href="`b08a8586c7`"><code>b08a858</code></a> test: repro namespace_scopes compaction issue</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.13.8...v1.13.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.13.8&new-version=1.13.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-24 17:01:50 -04:00
dependabot[bot]	dc07f98f97	build(deps): bump commonmarker from 0.23.5 to 0.23.6 in /docs (#8560 ) Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.5 to 0.23.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.6</h2> <h2>What's Changed</h2> <p>This release includes two updates from the upstream <code>cmark-gfm</code> library, namely:</p> <ul> <li><a href="https://github.com/github/cmark-gfm/releases">DoS vulnerability in autolink extension</a> per <a href="https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q">GHSA-cgh3-p57x-9q7q</a></li> <li><a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.5">Added <code>xmpp:</code> and <code>mailto:</code> support to the autolink extension</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`a8f8d76fbc`"><code>a8f8d76</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/190">#190</a> from anticomputer/main</li> <li><a href="`ac91634631`"><code>ac91634</code></a> 💎 release 0.23.6</li> <li><a href="`777fd3054b`"><code>777fd30</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/9d57d8a23">https://github.com/github/cmark-gfm/commit/9d57d8a23</a>...</li> <li><a href="`7aaeb37e97`"><code>7aaeb37</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/188">#188</a> from stevenlaidlaw/update-to-0290gfm5</li> <li><a href="`795e628a40`"><code>795e628</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/0578e1e4f">https://github.com/github/cmark-gfm/commit/0578e1e4f</a>...</li> <li><a href="`39d19d6530`"><code>39d19d6</code></a> Update cmark-upstream to <a href="https://github.com/github/cmark-gfm/commit/766f161ef">https://github.com/github/cmark-gfm/commit/766f161ef</a>...</li> <li><a href="`63b7bf89ee`"><code>63b7bf8</code></a> Update FUNDING.yml</li> <li>See full diff in <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.5...v0.23.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commonmarker&package-manager=bundler&previous-version=0.23.5&new-version=0.23.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/oss-fuzz/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-09-22 10:45:09 -04:00
jonathanmetzman	3f31d55731	Update docs gems (#8115 )	2022-08-02 10:44:36 +10:00
dependabot[bot]	f014b858d9	build(deps): bump tzinfo from 1.2.9 to 1.2.10 in /docs (#8053 ) Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.9 to 1.2.10. - [Release notes](https://github.com/tzinfo/tzinfo/releases) - [Changelog](https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md) - [Commits](https://github.com/tzinfo/tzinfo/compare/v1.2.9...v1.2.10) --- updated-dependencies: - dependency-name: tzinfo dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-07-22 10:10:27 -04:00
dependabot[bot]	018fb0da9b	build(deps): bump nokogiri from 1.13.4 to 1.13.6 in /docs (#7719 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.4 to 1.13.6. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.4...v1.13.6) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-06-10 13:15:21 -04:00
dependabot[bot]	5398f4253d	build(deps): bump nokogiri from 1.13.3 to 1.13.4 in /docs (#7555 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.3 to 1.13.4. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.13.4/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.3...v1.13.4) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-04-12 10:20:59 -04:00
dependabot[bot]	f13e294933	Bump nokogiri from 1.12.5 to 1.13.3 in /docs (#7334 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.3. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.5...v1.13.3) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-02-27 11:39:44 -05:00
dependabot[bot]	b3577655f2	build(deps): bump nokogiri from 1.12.2 to 1.12.5 in /docs (#6535 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.2 to 1.12.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.12.2...v1.12.5) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-09-28 17:14:20 +10:00
jonathanmetzman	80160735b6	Reinstall jekyll deps to update kramdown version in Gemfile.lock (#6168 )	2021-08-04 20:51:07 -07:00
dependabot[bot]	cf39156080	Bump addressable from 2.7.0 to 2.8.0 in /docs (#6031 ) Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0. - [Release notes](https://github.com/sporkmonger/addressable/releases) - [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md) - [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.7.0...addressable-2.8.0) --- updated-dependencies: - dependency-name: addressable dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-07-13 08:09:18 -07:00
dependabot[bot]	6f24755983	Bump nokogiri from 1.11.1 to 1.11.5 in /docs (#5806 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.1 to 1.11.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.1...v1.11.5) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-05-20 13:17:00 -07:00
dependabot[bot]	98f5a82bdb	Bump rexml from 3.2.4 to 3.2.5 in /docs (#5696 ) Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-05-02 15:55:39 -07:00
Abhishek Arya	e3b3ba3db2	Upgrade docs. (#4966 )	2021-01-14 10:13:22 -08:00
Abhishek Arya	08254b99c4	Update docs, add python support. (#4878 )	2020-12-21 13:43:26 -08:00
Abhishek Arya	518eec903e	Upgrade docs rubygems. (#4165 )	2020-07-20 08:00:45 -07:00
Max Moroz	bc2ae2ba51	[docs] Add FAQ entry regarding forked repos + bump the bundler version. (#4078 ) * [docs] Add FAQ entry regarding forked repos + bump the bundler version. * format	2020-07-07 09:22:05 -07:00
dependabot[bot]	d52152df97	Bump nokogiri from 1.10.4 to 1.10.8 in /docs (#3430 ) Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.8. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.8) Signed-off-by: dependabot[bot] <support@github.com>	2020-02-26 11:51:08 +11:00
Abhishek Arya	b6643c7c5f	Update ruby gems for docs. (#2749 )	2019-08-22 10:50:17 -07:00
Abhishek Arya	d58c419177	Add jekyll generator for docs. (#2660 ) * Add jekyll generator for docs. * Add content for index.md	2019-08-06 13:29:19 -07:00

31 Commits