choonkeat / attache

Yet another approach to file upload
MIT License
203 stars 10 forks source link

Bump nokogiri from 1.6.8 to 1.9.1 #48

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 5 years ago

Bumps nokogiri from 1.6.8 to 1.9.1.

Release notes *Sourced from [nokogiri's releases](https://github.com/sparklemotion/nokogiri/releases).* > # 1.9.1 / 2018-12-17 > > ## Bug fixes > > * Fix a bug introduced in v1.9.0 where `XML::DocumentFragment#dup` no longer returned an instance of the callee's class, instead always returning an `XML::DocumentFragment`. This notably broke any subclass of `XML::DocumentFragment` including `HTML::DocumentFragment` as well as the Loofah gem's `Loofah::HTML::DocumentFragment`. [#1846](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1846) > > > > # 1.9.0 / 2018-12-17 > > ## Security Notes > > * [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [#1831](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1831) (Thanks [@​grajagandev](https://github.com/grajagandev) for reporting.) > > > ## Notable non-functional changes > > * Decrease installation size by removing many unneeded files (e.g., `/test`) from the packaged gems. [#1719](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1719) (Thanks, [@​stevecrozz](https://github.com/stevecrozz)!) > > > ## Features > > * `XML::Attr#value=` allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [#1800](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1800) > * Introduce `XML::Node#wrap` which does what `XML::NodeSet#wrap` has always done, but for a single node. [#1531](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1531) (Thanks, [@​ethirajsrinivasan](https://github.com/ethirajsrinivasan)!) > * [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, [#1813](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1813)] (Thanks, [@​gpakosz](https://github.com/gpakosz) and [@​nurse](https://github.com/nurse)!) > * [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details. > * [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. [#1063](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1063) > * [JRuby] NodeSet has been rewritten to improve performance! [#1795](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1795) > > > ## Bug fixes > > * `NodeSet#each` now returns `self` instead of zero. [#1822](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1822) (Thanks, [@​olehif](https://github.com/olehif)!) > * [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. [#1810](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1810) > * [MRI] Address a memory leak when unparenting a DTD. [#1784](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1784) (Thanks, [@​stevecheckoway](https://github.com/stevecheckoway)!) > * [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. [#1820](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1820) (Thanks, [@​nobu](https://github.com/nobu)!) > * [JRuby] Decrease large memory usage when making nested XPath queries. [#1749](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1749) > * [JRuby] Fix failing tests on JRuby 9.2.x > * [JRuby] Fix default namespaces in nodes reparented into a different document [#1774](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1774) > * [JRuby] Fix support for Java 9. [#1759](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1759) (Thanks, [@​Taywee](https://github.com/Taywee)!) > > > ## Dependencies > > * [MRI] Upgrade mini_portile2 dependency from `~> 2.3.0` to `~> 2.4.0` > > > > # 1.9.0.rc1 / 2018-12-10 > > ... (truncated)
Changelog *Sourced from [nokogiri's changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md).* > ## 1.9.1 / 2018-12-17 > > ### Bug fixes > > * Fix a bug introduced in v1.9.0 where `XML::DocumentFragment#dup` no longer returned an instance of the callee's class, instead always returning an `XML::DocumentFragment`. This notably broke any subclass of `XML::DocumentFragment` including `HTML::DocumentFragment` as well as the Loofah gem's `Loofah::HTML::DocumentFragment`. [#1846](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1846) > > > ## 1.9.0 / 2018-12-17 > > ### Security Notes > > * [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [#1831](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1831) (Thanks [@​grajagandev](https://github.com/grajagandev) for reporting.) > > > ### Notable non-functional changes > > * Decrease installation size by removing many unneeded files (e.g., `/test`) from the packaged gems. [#1719](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1719) (Thanks, [@​stevecrozz](https://github.com/stevecrozz)!) > > > ### Features > > * `XML::Attr#value=` allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [#1800](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1800) > * Introduce `XML::Node#wrap` which does what `XML::NodeSet#wrap` has always done, but for a single node. [#1531](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1531) (Thanks, [@​ethirajsrinivasan](https://github.com/ethirajsrinivasan)!) > * [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, [#1813](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1813)] (Thanks, [@​gpakosz](https://github.com/gpakosz) and [@​nurse](https://github.com/nurse)!) > * [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details. > * [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. [#1063](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1063) > * [JRuby] NodeSet has been rewritten to improve performance! [#1795](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1795) > > > ### Bug fixes > > * `NodeSet#each` now returns `self` instead of zero. [#1822](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1822) (Thanks, [@​olehif](https://github.com/olehif)!) > * [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. [#1810](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1810) > * [MRI] Address a memory leak when unparenting a DTD. [#1784](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1784) (Thanks, [@​stevecheckoway](https://github.com/stevecheckoway)!) > * [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. [#1820](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1820) (Thanks, [@​nobu](https://github.com/nobu)!) > * [JRuby] Decrease large memory usage when making nested XPath queries. [#1749](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1749) > * [JRuby] Fix failing tests on JRuby 9.2.x > * [JRuby] Fix default namespaces in nodes reparented into a different document [#1774](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1774) > * [JRuby] Fix support for Java 9. [#1759](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1759) (Thanks, [@​Taywee](https://github.com/Taywee)!) > > > ### Dependencies > > * [MRI] Upgrade mini_portile2 dependency from `~> 2.3.0` to `~> 2.4.0` > > > ## 1.8.5 / 2018-10-04 > > ### Security Notes > > ... (truncated)
Commits - [`db26a04`](https://github.com/sparklemotion/nokogiri/commit/db26a04e3d8f2b30456ae203d6c023b299a8e0f9) limit test of libxml-specific DocumentFragment#dup behavior - [`2e15c88`](https://github.com/sparklemotion/nokogiri/commit/2e15c885de3e0669f35dca1f5a1dd047c92e1c7d) version bump to v1.9.1 - [`e9ac292`](https://github.com/sparklemotion/nokogiri/commit/e9ac29275afde6f670a4db64d609a7a07c828ea6) Fix XML::DocumentFragment to return an instance of callee's class - [`ab40787`](https://github.com/sparklemotion/nokogiri/commit/ab40787f49fc71d566cd5a2c3a16c21edffd9d2b) correct CHANGELOG - [`fff550c`](https://github.com/sparklemotion/nokogiri/commit/fff550cbfbfbc7da0ab6f5f16da37fb576afb4c2) version bump to v1.9.0 - [`8d9a65b`](https://github.com/sparklemotion/nokogiri/commit/8d9a65b34d51cf9e5c3ebf5756521126d9dbd959) Merge branch '1719-stevecrozz-decrease-gem-size' - [`dd19ddd`](https://github.com/sparklemotion/nokogiri/commit/dd19ddd5ab9ca6c2d7044274eae11e98b645d57e) update CHANGELOG - [`985b9fc`](https://github.com/sparklemotion/nokogiri/commit/985b9fc229792a658c631ba78b6fbd1010a01fec) add .hoerc containing excludes - [`b61b34c`](https://github.com/sparklemotion/nokogiri/commit/b61b34c1815d7e05b4bfb5a16c6570073f393ccd) Make builds minimal - [`9bb0226`](https://github.com/sparklemotion/nokogiri/commit/9bb0226b680ef0d248504379be0584ae6f64a49d) remove hacks preventing jruby from using racc and rexical - Additional commits viewable in [compare view](https://github.com/sparklemotion/nokogiri/compare/v1.6.8...v1.9.1)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/choonkeat/attache/network/alerts).