search

Dynamoid / dynamoid

Ruby ORM for Amazon's DynamoDB.
MIT License
582 stars 195 forks source link

Bump rexml from 3.3.1 to 3.3.5 #791

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps rexml from 3.3.1 to 3.3.5.

Release notes

Sourced from rexml's releases.

REXML 3.3.5 - 2024-08-12

Fixes

  • Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
    • GH-193
    • GH-195
    • Reported by Viktor Ivarsson.
    • Patch by NAITOH Jun.

Thanks

  • Viktor Ivarsson

  • NAITOH Jun

REXML 3.3.4 - 2024-08-01

Fixes

  • Fixed a bug that REXML::Security isn't defined when REXML::Parsers::StreamParser is used and rexml/parsers/streamparser is only required.
    • GH-189
    • Patch by takuya kodama.

Thanks

  • takuya kodama

REXML 3.3.3 - 2024-08-01

Improvements

  • Added support for detecting invalid XML that has unsupported content before root element

  • Added support for REXML::Security.entity_expansion_limit= and REXML::Security.entity_expansion_text_limit= in SAX2 and pull parsers

  • Added more tests for invalid XMLs.

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.5 - 2024-08-12 {#version-3-3-5}

Fixes

  • Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
    • GH-193
    • GH-195
    • Reported by Viktor Ivarsson.
    • Patch by NAITOH Jun.

Thanks

  • Viktor Ivarsson

  • NAITOH Jun

3.3.4 - 2024-08-01 {#version-3-3-4}

Fixes

  • Fixed a bug that REXML::Security isn't defined when REXML::Parsers::StreamParser is used and rexml/parsers/streamparser is only required.
    • GH-189
    • Patch by takuya kodama.

Thanks

  • takuya kodama

3.3.3 - 2024-08-01 {#version-3-3-3}

Improvements

  • Added support for detecting invalid XML that has unsupported content before root element

  • Added support for REXML::Security.entity_expansion_limit= and REXML::Security.entity_expansion_text_limit= in SAX2 and pull parsers

  • Added more tests for invalid XMLs.

... (truncated)

Commits
  • 21d90cb Add 3.3.5 entry
  • 1892770 Fix calculation of Security.entity_expansion_text_limit in SAX/pull parsers (...
  • e3f747f Bump version
  • 911dca4 Add 3.3.4 entry
  • cb21378 Add missing rexml/security require in rexml/parsers/baseparser.rb (#189)
  • d65e27c Bump version
  • e4a067e Add 3.3.3 entry
  • 17ff3e7 test: add a performance test for attribute list declaration
  • be86b3d test: fix wrong test name
  • b93d790 test: use double quote for string literal
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 3 months ago

Superseded by #795.