Bump the bundler group across 1 directory with 19 updates

[dependabot]

Bumps the bundler group with 5 updates in the / directory:

Package	From	To
devise	4.2.0	4.9.4
rubocop	0.40.0	0.49.0
actionpack	4.2.6	4.2.11.3
rmagick	2.15.4	2.16.0
yard	0.8.7.6	0.9.36

Updates devise from 4.2.0 to 4.9.4

Release notes

Sourced from devise's releases.

v4.9.4

https://github.com/heartcombo/devise/blob/v4.9.4/CHANGELOG.md#494---2024-04-10

v4.9.3

https://github.com/heartcombo/devise/blob/v4.9.3/CHANGELOG.md#493---2023-10-11

v4.9.2

https://github.com/heartcombo/devise/blob/v4.9.2/CHANGELOG.md#unreleased

v4.9.1

https://github.com/heartcombo/devise/blob/v4.9.1/CHANGELOG.md#491---2023-03-31

v4.9.0

https://github.com/heartcombo/devise/blob/v4.9.0/CHANGELOG.md#490---2023-02-17

v4.8.1

No release notes provided.

v4.8.0

No release notes provided.

v4.7.1

No release notes provided.

v4.7.0

No release notes provided.

v4.6.2

No release notes provided.

v4.6.1

No release notes provided.

v4.6.0

No release notes provided.

v4.5.0

No release notes provided.

v4.4.3

No release notes provided.

v4.4.2

No release notes provided.

v4.4.1

No release notes provided.

v4.4.0

No release notes provided.

Commits

• d5a48b4 Release v4.9.4
• bab47e1 Adds Ruby 3.3 to CI on 4-stable
• cee7457 Bump year [ci skip]
• 95ed7d3 Merge pull request #5641 from henryaj/patch-1
• edffc79 Respect locale set by controller in the failure app (#5567)
• 1d66580 Release v4.9.3
• dcbfb32 Merge pull request #5640 from nmaggioni/nm_config_template_typo
• c146b25 Better clarify need to override internal_methods
• 9a08620 Update changelog with Rails 7.1 mention [ci skip]
• 407f223 Fix test warning about deprecated cache format in Rails 7.1
• Additional commits viewable in compare view

Updates rubocop from 0.40.0 to 0.49.0

Release notes

Sourced from rubocop's releases.

RuboCop 1.28 (a.k.a. The 10th Anniversary Edition)

New features

• #10551: Add AllowComments option to Style/RedundantInitialize is true by default. (@​koic)
• #10552: Support autocorrection for Style/RedundantInitialize. (@​koic)
• #10441: Add Security/CompoundHash Cop. (@​sambostock, @​chrisseaton)
• #10521: Add use_builtin_english_names style to Style/SpecialGlobalVars. (@​splattael)
• #10522: Add new Style/ObjectThen cop. (@​ydah)
• #10502: Add new Style/FetchEnvVar cop. (@​johnny-miyake)
• #10544: Support auto-correction for Lint/DuplicateRequire. (@​koic)
• #10481: Add command line options --display-only-correctable and --display-only-safe-correctable. (@​nobuyo)

Bug fixes

• #10528: Fix an infinite loop at autocorrect for Layout/CaseIndentation. (@​ydah)
• #10537: Fix an incorrect auto-correct for Style/MultilineTernaryOperator when returning a multiline ternary operator expression with break, next, or method call. (@​koic)
• #10529: Fix autocorrect for Style/SoleNestedConditional causes logical error when using a outer condition of method call by omitting parentheses for method arguments. (@​nobuyo)
• #10530: Fix a false positive for Style/RedundantRegexpCharacterClass when using regexp character class with a character class containing multiple unicode code-points. (@​koic)
• #10518: Fix a false positive for Style/DoubleNegation when inside returned conditional clauses with Ruby 2.7's pattern matching. (@​koic)
• #10510: Fix an error for Style/SingleArgumentDig when using multiple dig in a method chain. (@​koic)
• #10553: Fix crash with trailing tabs in heredocs for Layout/TrailingWhitespace. (@​dvandersluis)
• #10488: Fix autocorrection for Layout/MultilineMethodCallIndentation breaks indentation for nesting of method calls. (@​nobuyo)
• #10543: Fix incorrect code length calculation for few more patterns of hash folding asked. (@​nobuyo)
• #10541: Fix an incorrect autocorrect for Style/SpecialGlobalVars when global variable as Perl name is used multiple times. (@​koic)
• #10514: Fix an error for Lint/EmptyConditionalBody when missing second elsif body. (@​koic)
• #10469: Fix code length calculation when kwargs written in single line. (@​nobuyo)

Changes

• #10555: Deprecate IgnoredPatterns in favour of AllowedPatterns. (@​dvandersluis)
• #10356: Add AllowConsecutiveConditionals option to Style/GuardClause and the option is false by default. (@​ydah)
• #10524: Mark Style/RedundantInitialize as unsafe. (@​koic)
• #10280: Add AllowComments option to Style/SymbolProc and the option is false by default. (@​ydah)

Changelog

Sourced from rubocop's changelog.

0.49.0 (2017-05-24)

New features

• #117: Add --parallel option for running RuboCop in multiple processes or threads. ([@​jonas054][])
• Add auto-correct support to Style/MixinGrouping. ([@​rrosenblum][])
• #4236: Add new Rails/ApplicationJob and Rails/ApplicationRecord cops. ([@​tjwp][])
• #4078: Add new Performance/Caller cop. ([@​alpaca-tc][])
• #4314: Check slow hash accessing in Array#sort by Performance/CompareWithBlock. ([@​pocke][])
• #3438: Add new Style/FormatStringToken cop. ([@​backus][])
• #4342: Add new Lint/ScriptPermission cop. ([@​yhirano55][])
• #4145: Add new Style/YodaCondition cop. ([@​smakagon][])
• #4403: Add public API Cop.autocorrect_incompatible_with for specifying other cops that should not auto-correct together. ([@​backus][])
• #4354: Add auto-correct to Style/FormatString. ([@​hoshinotsuyoshi][])
• #4021: Add new Style/MultipleComparison cop. ([@​dabroz][])
• New Lint/RescueType cop. ([@​rrosenblum][])
• #4328: Add --ignore-parent-exclusion flag to ignore AllCops/Exclude inheritance. ([@​nelsonjr][])

Changes

• #4262: Add new MinSize configuration to Style/SymbolArray, consistent with the same configuration in Style/WordArray. ([@​scottmatthewman][])
• #3400: Remove auto-correct support from Lint/Debugger. ([@​ilansh][])
• #4278: Move all cops dealing with whitespace into a new department called Layout. ([@​jonas054][])
• #4320: Update Rails/OutputSafety to disallow wrapping raw or html_safe with safe_join. ([@​klesse413][])
• #4336: Store rubocop_cache in safer directories. ([@​jonas054][])
• #4361: Use relative path for offense message in Lint/DuplicateMethods. ([@​pocke][])
• #4385: Include .jb file by default. ([@​pocke][])

Bug fixes

• #4265: Require a space before first argument of a method call in Style/SpaceBeforeFirstArg cop. ([@​cjlarose][])
• #4237: Fix false positive in Lint/AmbiguousBlockAssociation cop for lambdas. ([@​smakagon][])
• #4242: Add Capfile to the list of known Ruby filenames. ([@​bbatsov][])
• #4240: Handle ||= in Rails/RelativeDateConstant. ([@​bbatsov][])
• #4241: Prevent Rails/Blank and Rails/Present from breaking when there is no explicit receiver. ([@​rrosenblum][])
• #4249: Handle multiple assignment in Rails/RelativeDateConstant. ([@​bbatsov][])
• #4250: Improve a bit the Ruby code detection config. ([@​bbatsov][])
• #4283: Fix Style/EmptyCaseCondition auto-correct bug - when first when branch includes comma-delimited alternatives. ([@​ilansh][])
• #4268: Handle end-of-line comments when auto-correcting Style/EmptyLinesAroundAccessModifier. ([@​vergenzt][])
• #4275: Prevent Style/MethodCallWithArgsParentheses from blowing up on yield. ([@​drenmi][])
• #3969: Handle multiline method call alignment for arguments to methods. ([@​jonas054][])
• #4304: Allow enabling whole departments when DisabledByDefault is true. ([@​jonas054][])
• #4264: Prevent Rails/SaveBang from blowing up when using the assigned variable in a hash. ([@​drenmi][])
• #4310: Treat paths containing invalid byte sequences as non-matches. ([@​mclark][])
• #4063: Fix Rails/ReversibleMigration misdetection. ([@​gprado][])
• #4339: Fix false positive in Security/Eval cop for multiline string literal. ([@​pocke][])
• #4339: Fix false negative in Security/Eval cop for Binding#eval. ([@​pocke][])
• #4327: Prevent Layout/SpaceInsidePercentLiteralDelimiters from registering offenses on execute-strings. ([@​drenmi][])
• #4371: Prevent Style/MethodName from complaining about unary operator definitions. ([@​drenmi][])
• #4366: Prevent Performance/RedundantMerge from blowing up on double splat arguments. ([@​drenmi][])

... (truncated)

Commits

• 66b305f Release 0.49.0
• fd0a681 Bump the RSpec dep to 3.6
• f109b61 [Fix #4393] Prevent InverseMethods from registering an offense when double ne...
• fc85af0 Fix a couple of changelog entries
• e46cc2e [Fix #4260] Do not register an offense for FileUtils.touch (#4410)
• fdc6786 Add new cop Lint/RescueType (#4358)
• e929147 Freeze constant in Style/YodaCondition cop
• 9fea6d3 Add new Style/MultipleComparison cop (#4021)
• 90e4899 Clean-up and improve a bit Style/YodaCondition
• f3ef983 [Fix #4145] Add a new cop checking for Yoda conditions (#4174)
• Additional commits viewable in compare view

Updates actionpack from 4.2.6 to 4.2.11.3

Release notes

Sourced from actionpack's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• e06a1e0 Prep release
• 58ed245 Only accept formats from registered mime types
• 474b739 Preparing for 4.2.11 release
• 3acf0de assert that nil parameters round trip
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• 84e0a23 Update CHANGELOGS for Rails 4.2.10.rc1
• Additional commits viewable in compare view

Updates actionview from 4.2.6 to 4.2.11.3

Release notes

Sourced from actionview's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• 4c46a15 Restrict which local names can be eval'd
• e06a1e0 Prep release
• 474b739 Preparing for 4.2.11 release
• 718d739 Fix test_should_sanitize_illegal_style_properties failure
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• 84e0a23 Update CHANGELOGS for Rails 4.2.10.rc1
• Additional commits viewable in compare view

Updates activejob from 4.2.6 to 4.2.11.3

Release notes

Sourced from activejob's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• e06a1e0 Prep release
• 474b739 Preparing for 4.2.11 release
• 0cada53 Do not deserialize GlobalID objects that were not generated by Active Job
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• 84e0a23 Update CHANGELOGS for Rails 4.2.10.rc1
• bd6ccff Preparing for 4.2.10.rc1 release
• Additional commits viewable in compare view

Updates activerecord from 4.2.6 to 4.2.11.3

Release notes

Sourced from activerecord's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• e06a1e0 Prep release
• 474b739 Preparing for 4.2.11 release
• 6f94f4b Support mysql2 0.4.x and 0.5.x
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• 84e0a23 Update CHANGELOGS for Rails 4.2.10.rc1
• bd6ccff Preparing for 4.2.10.rc1 release
• Additional commits viewable in compare view

Updates activesupport from 4.2.6 to 4.2.11.3

Release notes

Sourced from activesupport's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• 1f3db0a Merge pull request #39302 from dustym/add-delegation_reserved_method_names
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• e06a1e0 Prep release
• 474b739 Preparing for 4.2.11 release
• 759d41d Backport fix for Dir::Tmpname.create from #32386
• 7fe69ea Add missing require for remove_possible_method
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• Additional commits viewable in compare view

Updates globalid from 0.3.6 to 0.4.2

Release notes

Sourced from globalid's releases.

v0.4.2

• Allow configuration in initialisers rails/globalid@3c8f909

• Clear to_global_id memoization on dup rails/globalid#109

• Adds hash equality rails/globalid#108

Commits: rails/globalid@v0.4.1...v0.4.2

0.4.1

• Fix occasional error while trying to deserialize arguments: "uninitialized constant GlobalID::Locator"

  Yuji Yaginuma (#102)

v0.4.0

• Generate URL-safe SGIDs by default.

  Goerge Claghorn (#98)

• Bump Rails support to 4.2 and above.

  #98 required the ActiveSupport::MessageVerifier from Active Support 4.2 to work.

  Kasper Timm Hansen

v0.3.7

• Verify instances of SignedGlobalID when locating them.

  y-yagi

Commits

• c98b809 Ignore pkg directory for releasing.
• ae7d97b Release 0.4.2
• c76b027 Test against latest Rubies
• 6fae2d6 Merge pull request #113 from y-yagi/test_against_rails_52
• b4139ef Specify Rails env in a test of secret_key_base is not present
• e3cf5cd Use secret_key_base instead of deprecated secret_token
• 16f47ac Test against Rails 5.2
• 3c8f909 Allow configuration in initializers
• d2a0ece Fix typo
• 288ac24 Merge pull request #108 from fattymiller/uniq-equality
• Additional commits viewable in compare view

Updates i18n from 0.7.0 to 0.9.5

Release notes

Sourced from i18n's releases.

v0.9.5

• #404 reported a regression in 0.9.3, which wasn't fixed by 0.9.4. #408 fixes this issue.

Thanks @​wjordan!

v0.9.4

• Fixed a regression with chained backends introduced in v0.9.3 (#402) - #405 - bug report / #407 - PR to fix
• Optimize Backend::Simple#available_locales - reports are that this is now 4x faster than previously - #406

v0.9.3

(For those wondering where v0.9.2 went: I got busy after I pushed the commit for the release, so there was no gem release that day. I am not busy today, so here is v0.9.3 in its stead. This changelog contains changes from v0.9.1 -> v0.9.3)

• I18n no longer stores translations for unavailable locales. #391.
• Added the ability to interpolate with arrays #395.
• Documentation for lambda has been corrected. #396
• I18n will use oj -- a faster JSON library -- but only if it is available. #398
• Fixed an issue with translate and default: [false] as an option. #399
• Fixed an issue with translate with nil and empty keys. #400
• Fix issue with disabled subtrees and pluralization for KeyValue backend #402

Thank you to @​stereobooster, @​fatkodima and @​lulalala for the patches that went towards this release. We appreciate your efforts!

v0.9.1

• Reverted Hash#slice behaviour introduced with #250 - See #390.
• Fixed a regression caused by #387, where translations may have returned a not-helpful error message - See #389

v0.9.0

• Made Backend::Memoize threadsafe. See #51 and #352.
• Added a middleware I18n::Middleware that should be used to ensure that i18n config is reset correctly between requests. See #381 and #382.

v0.8.6

Fixed a small regression introduced in v0.8.5 when using fallbacks - See #378

v0.8.5

• Improved error message for MissingPluralizationKey error - See #371
• Fixed a thread issue when calling translate when fallbacks were enabled - See #369

v0.8.4

Reverted #236 - "Don't allow nil to be submitted as a key to I18n.translate" - See #370

v0.8.3

I18n::Gettext#plural_keys will now return a hash from Gettext if no arguments are provided - svenfuchs/i18n#122 Fixed a bug where passing false to translate would not translate that value - svenfuchs/i18n#367

v0.8.2

Do not allow nil to be passed to translate - svenfuchs/i18n#236

... (truncated)

Commits

• 416859a Bump to 0.9.5
• 5c28de8 Lock Rake to 12.2.x versions
• 29fe565 Merge pull request #408 from wjordan/enforce_available_locales_false_fix
• 596a71d store translations for unavailable locales if enforce_available_locales is false
• 888abcb Bump to 0.9.4
• ba8b206 Merge pull request #407 from fatkodima/fix-key-value-subtrees
• 9ddc9f5 Merge pull request #406 from jhawthorn/optimize_available_locales
• 77c26aa Fix Chained backend with KeyValue
• 7eb3576 Optimize Backend::Simple#available_locales
• 7c6ccf4 Bump to 0.9.3
• Additional commits viewable in compare view

Updates json from 1.8.3 to 1.8.6

Release notes

Sourced from json's releases.

v1.8.6

Full Changelog: flori/json@v1.8.5...v1.8.6

v1.8.5

Full Changelog: flori/json@v1.8.3...v1.8.5

Changelog

Sourced from json's changelog.

2017-01-13 (1.8.6)

• Be compatible with ancient ruby 1.8 (maybe?)

2015-09-11 (1.8.5)

• Be compatible with ruby 2.4.0
• There were still some mentions of dual GPL licensing in the source, but JSON has just the Ruby license that itself includes an explicit dual-licensing clause that allows covered software to be distributed under the terms of the Simplified BSD License instead for all ruby versions >= 1.9.3. This is however a GPL compatible license according to the Free Software Foundation. I changed these mentions to be consistent with the Ruby license setting in the gemspec files which were already correct now.

Commits

• 7f4cfd8 Try to be compatible with ruby 1.8
• 4cf6c62 Update gemspecs
• 48c5e99 Stop testing on 1.8, it might work though
• 5d46fb9 Travis don't know how to build these rubies
• 7f05140 Fix conversion crash on 1.9
• 2bcacc1 Require ruby version 2.0 or better
• f8e2aa6 Reduce supported ruby versions
• b4eeed1 Test newer rubies
• c7a6e31 Use 2.3.1 for testing
• 953f474 Merge RUBY_INTEGER_UNIFICATION changes
• Additional commits viewable in compare view

Updates loofah from 2.0.3 to 2.21.1

Release notes

Sourced from loofah's releases.

2.21.1 / 2023-05-10

Fixed

• Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

• Loofah.html5_document
• Loofah.html5_fragment
• Loofah.scrub_html5_document
• Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

⚠ HTML5 functionality is not available for JRuby. Please see this upstream Nokogiri issue if you're interested in helping implement and support HTML5 support.

Loofah::HTML4 module and namespace

Loofah::HTML has been renamed to Loofah::HTML4, and Loofah::HTML is aliased to preserve backwards-compatibility. Nokogiri::HTML and Nokogiri::HTML4 parse methods still use libxml2's (or NekoHTML's) HTML4 parser.

Take special note that if you rely on the class name of an object in your code, objects will now report a class of Loofah::HTML4::Foo where they previously reported Loofah::HTML::Foo. Instead of relying on the string returned by Object#class, prefer Class#=== or Object#is_a? or Object#instance_of?.

Future releases of Nokogiri may deprecate HTML classes and methods or otherwise change this behavior, so please start using HTML4 in place of HTML.

Official support for JRuby

This version introduces official support for JRuby. Previously, the test suite had never been green due to differences in behavior in the underlying HTML parser used by Nokogiri. We've updated the test suite to accommodate those differences, and have added JRuby to the CI suite.

2.21.0.rc1 / 2023-04-02

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

• Loofah.html5_document
• Loofah.html5_fragment
• Loofah.scrub_html5_document
• Loofah.scrub_html5_fragment

... (truncated)

Changelog

Sourced from loofah's changelog.

2.21.1 / 2023-05-10

Fixed

• Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

• Loofah.html5_document
• Loofah.html5_fragment
• Loofah.scrub_html5_document
• Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

⚠ HTML5 functionality is not available for JRuby. Please see this upstream Nokogiri issue if you're interested in helping implement and support HTML5 support.

Loofah::HTML4 module and namespace

Loofah::HTML has been renamed to Loofah::HTML4, and Loofah::HTML is aliased to preserve backwards-compatibility. Nokogiri::HTML and Nokogiri::HTML4 parse methods still use libxml2's (or NekoHTML's) HTML4 parser.

Take special note that if you rely on the class name of an object in your code, objects will now report a class of Loofah::HTML4::Foo where they previously reported Loofah::HTML::Foo. Instead of relying on the string returned by Object#class, prefer Class#=== or Object#is_a? or Object#instance_of?.

Future releases of Nokogiri may deprecate HTML classes and methods or otherwise change this behavior, so please start using HTML4 in place of HTML.

Official support for JRuby

This version introduces official support for JRuby. Previously, the test suite had never been green due to differences in behavior in the underlying HTML parser used by Nokogiri. We've updated the test suite to accommodate those differences, and have added JRuby to the CI suite.

2.20.0 / 2023-04-01

Features

• Allow SVG attributes color-profile, cursor, filter, marker, and mask. [#246]
• Allow SVG elements altGlyph, cursor, feImage, pattern, and tref. [#246]
• Allow protocols fax and modem. [#255] (Thanks, @​cjba7!)

2.19.1 / 2022-12-13

... (truncated)

Commits

• bb6653d version bump to v2.21.1
• f874431 Merge pull request #265 from flavorjones/flavorjones-test-with-old-nokogiri
• d2744d4 doc: better exception when HTML5 functionality isn't supported
• 730c135 fix: don't define HTML5 doc and frag classes when not supported
• a9b51f4 version bump to v2.21.0
• 5f7efdb Merge pull request #264 from flavorjones/flavorjones-support-libxml-2.10.4
• d7efe5e test: support libxml 2.10.4 behavior around namespaces
• 4e55b64 Merge pull request #263 from flavorjones/flavorjones-rubocop-packaging
• baf13d5 dep(style): rubocop-packaging
• 4b1f3f3 version bump to v2.21.0.rc1
• Additional commits viewable in compare view

Updates nokogiri from 1.6.8 to 1.9.1

Release notes

Sourced from nokogiri's releases.

1.9.1 / 2018-12-17

Bug fixes

• Fix a bug introduced in v1.9.0 where XML::DocumentFragment#dup no longer returned an instance of the callee's class, instead always returning an XML::DocumentFragment. This notably broke any subclass of XML::DocumentFragment including HTML::DocumentFragment as well as the Loofah gem's Loofah::HTML::DocumentFragment. #1846

1.9.0 / 2018-12-17

Security Notes

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 #1831 (Thanks @​grajagandev for reporting.)

Notable non-functional changes

• Decrease installation size by removing many unneeded files (e.g., /test) from the packaged gems. #1719 (Thanks, @​stevecrozz!)

Features

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. #1800
• Introduce XML::Node#wrap which does what XML::NodeSet#wrap has always done, but for a single node. #1531 (Thanks, @​ethirajsrinivasan!)
• [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, #1813] (Thanks, @​gpakosz and @​nurse!)
• [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
• [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. #1063
• [JRuby] NodeSet has been rewritten to improve performance! #1795

Bug fixes

• NodeSet#each now returns self instead of zero. #1822 (Thanks, @​olehif!)
• [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. #1810
• [MRI] Address a memory leak when unparenting a DTD. #1784 (Thanks, @​stevecheckoway!)
• [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. #1820 (Thanks, @​nobu!)
• [JRuby] Decrease large memory usage when making nested XPath queries. #1749
• [JRuby] Fix failing tests on JRuby 9.2.x
• [JRuby] Fix default namespaces in nodes reparented into a different document #1774
• [JRuby] Fix support for Java 9. #1759 (Thanks, @​Taywee!)

Dependencies

• [MRI] Upgrade mini_portile2 dependency from ~> 2.3.0 to ~> 2.4.0

1.9.0.rc1 / 2018-12-10

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.9.1 / 2018-12-17

Fixed

• Fix a bug introduced in v1.9.0 where XML::DocumentFragment#dup no longer returned an instance of the callee's class, instead always returning an XML::DocumentFragment. This notably broke any subclass of XML::DocumentFragment including HTML::DocumentFragment as well as the Loofah gem's Loofah::HTML::DocumentFragment. #1846

1.9.0 / 2018-12-17

Security

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 #1831 (Thanks @​grajagandev for reporting.)

Improved

• Decrease installation size by removing many unneeded files (e.g., /test) from the packaged gems. #1719 (@​stevecrozz)

Added

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. #1800
• Introduce XML::Node#wrap which does what XML::NodeSet#wrap has always done, but for a single node. #1531 (@​ethirajsrinivasan)
• [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, #1813] (@​gpakosz and @​nurse)
• [MRI] Node#dup supports copying a node directly to a new do...

  Description has been truncated