Bump nokogiri from 1.8.5 to 1.9.0

[dependabot-preview]

Bumps nokogiri from 1.8.5 to 1.9.0.

Release notes

Sourced from nokogiri's releases.

1.9.0 / 2018-12-17

Security Notes

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [Upgrade actionpack to version 5.0.2 #1831] (Thanks grajagandev for reporting.)

Notable non-functional changes

• Decrease installation size by removing many unneeded files (e.g., /test) from the packaged gems. [R.I.P. CURRENT_YEAR #1719] (Thanks, stevecrozz!)

Features

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [Upgrade http to version 2.2.0 #1800]
• Introduce XML::Node#wrap which does what XML::NodeSet#wrap has always done, but for a single node. [Upgrade ethon to version 0.9.1 #1531] (Thanks, ethirajsrinivasan!)
• [MRI] Improve installation experience on macOS High Sierra (Darwin). [Upgrade hashie to version 3.5.2 #1812, Upgrade hashie to version 3.5.3 #1813] (Thanks, gpakosz and nurse!)
• [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
• [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. [Dead link in events section #1063]
• [JRuby] NodeSet has been rewritten to improve performance! [Upgrade i18n-tasks to version 0.9.10 #1795]

Bug fixes

• NodeSet#each now returns self instead of zero. [Upgrade puma to version 3.7.1 #1822] (Thanks, olehif!)
• [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. [Upgrade bugsnag to version 5.2.0 #1810]
• [MRI] Address a memory leak when unparenting a DTD. [Upgrade poltergeist to version 1.13.0 #1784] (Thanks, stevecheckoway!)
• [MRI] Decrease large memory usage when making nested XPath queries. [Upgrade rainbow to version 2.2.0 #1749]
• [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. [Upgrade omniauth to version 1.6.1 #1820] (Thanks, nobu!)
• [JRuby] Fix failing tests on JRuby 9.2.x
• [JRuby] Fix default namespaces in nodes reparented into a different document [Upgrade kaminari-actionview to version 1.0.1 #1774]
• [JRuby] Fix support for Java 9. [Upgrade nokogiri to version 1.7.0.1 #1759] (Thanks, Taywee!)

Dependencies

• [MRI] Upgrade mini_portile2 dependency from ~> 2.3.0 to ~> 2.4.0

1.9.0.rc1 / 2018-12-10

Security Notes

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [Upgrade actionpack to version 5.0.2 #1831] (Thanks grajagandev for reporting.)

Features

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [Upgrade http to version 2.2.0 #1800]

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.9.0 / 2018-12-17

Security Notes

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [Upgrade actionpack to version 5.0.2 #1831] (Thanks grajagandev for reporting.)

Notable non-functional changes

• Decrease installation size by removing many unneeded files (e.g., /test) from the packaged gems. [R.I.P. CURRENT_YEAR #1719] (Thanks, stevecrozz!)

Features

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [Upgrade http to version 2.2.0 #1800]
• Introduce XML::Node#wrap which does what XML::NodeSet#wrap has always done, but for a single node. [Upgrade ethon to version 0.9.1 #1531] (Thanks, ethirajsrinivasan!)
• [MRI] Improve installation experience on macOS High Sierra (Darwin). [Upgrade hashie to version 3.5.2 #1812, Upgrade hashie to version 3.5.3 #1813] (Thanks, gpakosz and nurse!)
• [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
• [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. [Dead link in events section #1063]
• [JRuby] NodeSet has been rewritten to improve performance! [Upgrade i18n-tasks to version 0.9.10 #1795]

Bug fixes

• NodeSet#each now returns self instead of zero. [Upgrade puma to version 3.7.1 #1822] (Thanks, olehif!)
• [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. [Upgrade bugsnag to version 5.2.0 #1810]
• [MRI] Address a memory leak when unparenting a DTD. [Upgrade poltergeist to version 1.13.0 #1784] (Thanks, stevecheckoway!)
• [MRI] Decrease large memory usage when making nested XPath queries. [Upgrade rainbow to version 2.2.0 #1749]
• [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. [Upgrade omniauth to version 1.6.1 #1820] (Thanks, nobu!)
• [JRuby] Fix failing tests on JRuby 9.2.x
• [JRuby] Fix default namespaces in nodes reparented into a different document [Upgrade kaminari-actionview to version 1.0.1 #1774]
• [JRuby] Fix support for Java 9. [Upgrade nokogiri to version 1.7.0.1 #1759] (Thanks, Taywee!)

Dependencies

• [MRI] Upgrade mini_portile2 dependency from ~> 2.3.0 to ~> 2.4.0

Commits

• fff550c version bump to v1.9.0
• 8d9a65b Merge branch '1719-stevecrozz-decrease-gem-size'
• dd19ddd update CHANGELOG
• 985b9fc add .hoerc containing excludes
• b61b34c Make builds minimal
• 9bb0226 remove hacks preventing jruby from using racc and rexical
• dfb25f3 make build_all more robust
• d4c546d version bump to v1.9.0.rc1
• e2a4f6b Merge pull request #1834 from sparklemotion/1063-flavorjones-dup-document-fra...
• ed6afeb update CHANGELOG for #1820
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.