search

datacite / lupo

DataCite REST API
https://api.datacite.org
MIT License
12 stars 8 forks source link

Bump nokogiri, bolognese, maremma, faraday, sentry-raven, elasticsearch-transport and elasticsearch #1160

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 8 months ago

Bumps nokogiri, bolognese, maremma, faraday, sentry-raven, elasticsearch-transport and elasticsearch. These dependencies needed to be updated together. Updates nokogiri from 1.13.10 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d  nokogiri-1.16.3-x86_64-darwin.gem
47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb  nokogiri-1.16.3-x86_64-linux.gem
498aa253ccd5b89a0fa5c4c82b346d22176fc865f4a12ef8da642064d1d3e248  nokogiri-1.16.3.gem

v1.16.2 / 2024-02-04

Security

  • [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
</tr></table>

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.3 / 2024-03-15

Dependencies

Changed

  • [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

  • [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

v1.16.1 / 2024-02-03

Dependencies

Fixed

  • [CRuby] XML::Reader defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@​flavorjones)
  • [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (@​adfoster-r7)
  • [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (@​flavorjones)
  • [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (@​stevecheckoway)

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

... (truncated)

Commits


Updates bolognese from 2.1.1 to 2.2.0

Release notes

Sourced from bolognese's releases.

2.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/datacite/bolognese/compare/2.1.1...2.2.0

Commits
  • b3721a2 Merge pull request #192 from datacite/upgrade-nokogiri
  • e53767e change required_ruby_version
  • fe303f2 bump test and release ruby version to 3.1.4
  • 9208072 upgrade maremma. upgrade bolognese. bump version to 2.2.0
  • See full diff in compare view


Updates maremma from 4.9.8 to 5.0.0

Release notes

Sourced from maremma's releases.

5.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/datacite/maremma/compare/4.9.9...5.0.0

4.9.9

What's Changed

Full Changelog: https://github.com/datacite/maremma/compare/4.9.8...4.9.9

Changelog

Sourced from maremma's changelog.

Changelog

Unreleased

Full Changelog

Merged pull requests:

4.9.9 (2022-10-19)

Full Changelog

Closed issues:

  • Upgrade Github Actions #24

Merged pull requests:

Commits
  • e9f25ac Merge pull request #36 from datacite/create-version-5-0-0
  • ce77f20 create version 5.0.0
  • 6321330 Merge pull request #33 from datacite/upgrade-nokogiri
  • 78e81ad set ruby test version to 3.x
  • 5b31f9f change ruby version in git action
  • 9bf1bea upgrade nokogiri
  • f19964f Updated CHANGELOG.md
  • 8ab1e97 Merge pull request #30 from datacite/dependabot/bundler/rack-2.2.6.4
  • 75edb5f Bump rack from 2.2.4 to 2.2.6.4
  • a67dfdc Updated CHANGELOG.md
  • Additional commits viewable in compare view


Updates faraday from 0.17.6 to 2.9.0

Release notes

Sourced from faraday's releases.

v2.9.0

What's Changed

NOTE: This release removes support for Ruby 2.6 and 2.7, making Ruby 3.0 the minimum version.

New Contributors

Full Changelog: https://github.com/lostisland/faraday/compare/v2.8.1...v2.9.0

v2.8.1

What's Changed

Full Changelog: https://github.com/lostisland/faraday/compare/v2.8.0...v2.8.1

v2.8.0

What's Changed

New features ✨

Misc/Docs 📄

New Contributors

Full Changelog: https://github.com/lostisland/faraday/compare/v2.7.12...v2.8.0

v2.7.12

What's Changed

New Contributors

Full Changelog: https://github.com/lostisland/faraday/compare/v2.7.11...v2.7.12

v2.7.11

... (truncated)

Commits
  • cc5d607 Version bump to 2.9.0
  • ceb01e4 Bump faraday-net_http version to allow 3.1 (#1546)
  • 074506e Use latest Ruby version to publish and run rubocop
  • 898f203 Run rubocop in CI using Ruby 3.3
  • f0f549d Fix Rubocop offenses
  • caa4ff4 Update GitHub workflows, add 3.3 to CI matrix
  • 13732f7 Remove ruby2_keywords dependency
  • 8cbfd75 Make 3.0 the minimum supported Ruby version
  • 9487833 Remove runtime dependency on base64 (#1541)
  • 7e12133 v2.8.1
  • Additional commits viewable in compare view


Updates sentry-raven from 2.13.0 to 3.1.2

Commits


Updates elasticsearch-transport from 7.5.0 to 7.17.10

Release notes

Sourced from elasticsearch-transport's releases.

v7.17.10

Backports support for Faraday 2 from elastic-transport. ¡Gracias santiagorodriguez96!

This version of the gem now supports Faraday v2. If you don't have a locked version of Faraday in your project, when you upgrade your gems, Faraday v2 will be installed. The main change on dependencies when using Faraday v2 is all adapters, except for the default net_http one, have been moved out of Faraday into separate gems. This means if you're not using the default adapter and you migrate to Faraday v2, you'll need to add the adapter gems to your Gemfile.

These are the gems required for the different adapters with Faraday 2, instead of the libraries on which they were based:

# HTTPCLient
gem 'faraday-httpclient'

NetHTTPPersistent


gem 'faraday-net_http_persistent'


Patron


gem 'faraday-patron'


Typhoeus


gem 'faraday-typhoeus'

Things should work fine if you migrate to Faraday 2 as long as you include the adapter (unless you're using the default one net-http), but worst case scenario, you can always lock the version of Faraday in your project to 1.x: gem 'faraday', '~> 1'

Be aware if migrating to Faraday v2 that it requires at least Ruby 2.6, unlike Faraday v1 which requires 2.4.

Troubleshooting

If you see a message like: :adapter is not registered on Faraday::Adapter (Faraday::Error) Then you probably need to include the adapter library in your gemfile and require it.

Please submit an issue if you encounter any problems.

v7.17.9

  • Backports fix from elastic-transport: #66 - Manticore transport unable to send custom headers with perform_request Pull Request.

v7.17.8

  • Patch releases back to being detached from Elastic stack releases.
  • Tested compatibility with Elasticsearch v7.17 APIs.
  • Tested versions of Ruby for 7.17.8: Ruby (MRI) 2.7, 3.0, 3.1, 3.2, JRuby 9.3, JRuby 9.4.
  • Bugfix in elasticsearch-transport: Fixes enforcing UTF-8 in Response body, causing an error when the string is frozen, particularly when using webmock: [issue #63](elastic/elastic-transport-ruby#63).

7.17.7

  • Compatibility with Elasticsearch v7.17.7 APIs.
  • Tested versions of Ruby for 7.17.7: Ruby (MRI) 2.6, 2.7, 3.0 and 3.1, JRuby 9.3.

7.17.1

  • Improves handling of YAML parsing, uses safe_load instead of load when doing the product verification (should only affect Ruby < 3.0).
  • Updates headers setup when using the Manticore adapter. This fixes an issue where the user-agent header was being foverridden even when it was being set on initialization via the transport options. Pull Request, issue.

... (truncated)

Commits
  • 015e747 Bumps version to 7.17.10
  • e7e7261 Enable elasticsearch-transport v7 to use Faraday >=2
  • 30bcd1e Bumps version to 7.17.9
  • 3c04cf9 Fixes instantiating Client in Manticore implementation.
  • a797725 Updates version to 7.17.8
  • 776b66a Doesn't enforce UTF-8 encoding in Response object if the string is frozen.
  • e697129 Bumps 7.17 to 7.17.12
  • cc663e7 Bumps 7.17 to 7.17.11
  • 7cab267 Bumps 7.17 to 7.17.10
  • 6df88d1 Locks pry-byebug to 3.9 for Ruby 2.7 support
  • Additional commits viewable in compare view


Updates elasticsearch from 7.5.0 to 8.12.2

Release notes

Sourced from elasticsearch's releases.

v8.12.2

Drops runtime dependency on base64. Thanks Earlopain! Pull Request: #2295.

v8.12.1

Adds base64 dependency: base64 was added to the gemspec, since starting in Ruby 3.4.0, base64 will no longer be part of the default gems and will no longer be in the standard library.

Base64 is used for API key and Cloud ID. The dependency used to be declared in transport, but it's not needed there since the implementation using it is in this codebase. It was removed from transport in the latest patch releases: 8.1.3, 8.2.5 and 8.3.1.

v8.12.0

Client

  • Tested versions of Ruby for 8.12.0: Ruby (MRI) 3.0, 3.1, 3.2 and 3.3. JRuby 9.3 and JRuby 9.4.

API

API Changes:

  • bulk - Adds boolean :list_executed_pipelines parameter: Sets list_executed_pipelines for all incoming documents. Defaults to unset (false).
  • indices.put_settings - Adds boolean :reopen parameter: Whether to close and reopen the index to apply non-dynamic settings. If set to true the indices to which the settings are being applied will be closed temporarily and then reopened in order to apply the changes. The default is false.
  • open_point_in_time - Adds Hash :body parameter: an index_filter specified with the Query DSL.
  • security.get_api_key - Adds boolean :active_only parameter: flag to limit response to only active (not invalidated or expired) API keys.

New APIs

New API for Universal profiling:

  • profiling.status - Returns basic information about the status of Universal Profiling.

New experimental API:

Connectors API

Version 8.12 introduces the experimental Connectors API. Use the following APIs to manage connectors:

  • connector.post - Creates a connector. See documentation
  • connector.put - Creates or updates a connector. See documentation
  • connector.delete - Deletes a connector. See documentation
  • connector.get - Returns the details about a connector. See documentation
  • connector.list - Lists all connectors. See documentation
  • connector.check_in - Updates the last_seen timestamp in the connector document. See documentation
  • connector.update_configuration - Updates the connector configuration. See documentation
  • connector.update_error - Updates the error field in the connector document. See documentation
  • connector.update_filtering - Updates the filtering field in the connector document. See documentation
  • connector.last_sync - Updates the stats of last sync in the connector document. See documentation
  • connector.update_name - Updates the name and/or description fields in the connector document. See documentation
  • connector.update_pipeline - Updates the pipeline field in the connector document. See documentation
  • connector.update_scheduling - Updates the scheduling field in the connector document. See documentation

... (truncated)

Changelog

Sourced from elasticsearch's changelog.

To see release notes for the 7.x branch and older releases, see CHANGELOG on the 7.17 branch.

8.12.0 Release notes

Client

  • Tested versions of Ruby for 8.12.0: Ruby (MRI) 3.0, 3.1, 3.2 and 3.3. JRuby 9.3 and JRuby 9.4.

API

API Changes:

  • bulk - Adds boolean :list_executed_pipelines parameter: Sets list_executed_pipelines for all incoming documents. Defaults to unset (false).
  • indices.put_settings - Adds boolean :reopen parameter: Whether to close and reopen the index to apply non-dynamic settings. If set to true the indices to which the settings are being applied will be closed temporarily and then reopened in order to apply the changes. The default is false.
  • open_point_in_time - Adds Hash :body parameter: an index_filter specified with the Query DSL.
  • security.get_api_key - Adds boolean :active_only parameter: flag to limit response to only active (not invalidated or expired) API keys.

New APIs

New API for Universal profiling:

  • profiling.status - Returns basic information about the status of Universal Profiling.

New experimental API:

Connectors API

Version 8.12 introduces the experimental Connectors API. Use the following APIs to manage connectors:

  • connector.post - Creates a connector. See documentation
  • connector.put - Creates or updates a connector. See documentation
  • connector.delete - Deletes a connector. See documentation
  • connector.get - Returns the details about a connector. See documentation
  • connector.list - Lists all connectors. See documentation
  • connector.check_in - Updates the last_seen timestamp in the connector document. See documentation
  • connector.update_configuration - Updates the connector configuration. See documentation
  • connector.update_error - Updates the error field in the connector document. See documentation
  • connector.update_filtering - Updates the filtering field in the connector document. See documentation
  • connector.last_sync - Updates the stats of last sync in the connector document. See documentation
  • connector.update_name - Updates the name and/or description fields in the connector document. See documentation
  • connector.update_pipeline - Updates the pipeline field in the connector document. See documentation
  • connector.update_scheduling - Updates the scheduling field in the connector document. See documentation

Use the following APIs to manage sync jobs:

  • connector_sync_job.cancel - Cancels a connector sync job. See documentation
  • connector_sync_job.check_in - Checks in a connector sync job (refreshes 'last_seen'). See documentation
  • connector_sync_job.delete - Deletes a connector sync job. See documentation

... (truncated)

Commits
  • 9bb4997 [DOCS] Updates release notes for 8.12.2
  • afb90e0 Bumps version to 8.12.2
  • 85b65dc Drop runtime dependency on base64
  • a07501e [DOCS] Updates 8.12.1 release notes
  • 3443be1 Bumps version to 8.12.1
  • 23b57c4 Adds base64 dependency
  • 109a971 [DOCS] Release notes 8.12
  • 9aab364 [DOCS] Updates generated docs
  • e590347 [CI] Adds doc task to git add files from OK response
  • e074d09 [CI] Prepare log file for git comsumption
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/datacite/lupo/network/alerts).
dependabot[bot] commented 7 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.