homebrew-ppc64le / brew

:beer: :penguin: The missing package manager for Linux PPC64 LE
BSD 2-Clause "Simplified" License
1 stars 1 forks source link

Bump mechanize from 2.7.6 to 2.8.5 in /Library/Homebrew #17

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps mechanize from 2.7.6 to 2.8.5.

Release notes

Sourced from mechanize's releases.

2.8.5 / 2022-06-09

Security

Fixes low-severity CVE-2022-31033, "Authorization header leak on port redirect." See GHSA-64qm-hrgp-pgr9 for more details.

2.8.4 / 2022-01-17

Fix

  • Mechanize::CookieJar#load calls Psych.safe_load when using Psych >= 3.1

2.8.3 / 2021-11-11

Update

  • Update the "Linux Firefox" user agent string to rev94 (#587) Thank you, @​ncs1!

2.8.2 / 2021-08-06

Dependencies

2.8.1 / 2021-05-09

Fix

  • Gracefully handle parsing errors that contain an invalid byte sequence. Previously, if libxml2 registered a parsing error that itself contained invalid encoding, an exception might be raised. (#553)

2.8.0 / 2021-04-01

  • Requirements

    • Mechanize now requires Ruby 2.5 or newer.
    • Move from ntlm-http to rubyntlm gem. (#495, #574)
  • New Features

    • Page::Link#uri now handles non-ASCII hrefs. (#569) @​terryyin
    • FileConnection supports Windows drive letters (#483)
    • Credential headers 'Authorization' and 'Cookie' are deleted on cross-origin redirects. (#538) @​kyoshidajp
    • ContentDispositionParser handles ISO8601 date headers, to be robust with websites that ignore RFC2183. (#554) @​reitermarkus
  • Bug fix

    • POST headers 'Content-Length', 'Content-MD5', and 'Content-Type' are deleted in a case-insensitive manner on redirects. Previously these headers were treated as case-sensitive.

... (truncated)

Changelog

Sourced from mechanize's changelog.

2.8.5 / 2022-06-09

Security

Fixes low-severity CVE-2022-31033, "Authorization header leak on port redirect." See GHSA-64qm-hrgp-pgr9 for more details.

2.8.4 / 2022-01-17

Fix

  • Mechanize::CookieJar#load calls Psych.safe_load when using Psych >= 3.1

2.8.3 / 2021-11-11

Update

  • Update the "Linux Firefox" user agent string to rev94 (#587) Thank you, @​ncs1!

2.8.2 / 2021-08-06

Dependencies

2.8.1 / 2021-05-09

Fix

  • Gracefully handle parsing errors that contain an invalid byte sequence. Previously, if libxml2 registered a parsing error that itself contained invalid encoding, an exception might be raised. (#553)

2.8.0 / 2021-04-01

Requirements

  • Mechanize now requires Ruby 2.5 or newer.
  • Move from ntlm-http to rubyntlm gem. (#495, #574)

New Features

  • Page::Link#uri now handles non-ASCII hrefs. (#569) @​terryyin
  • FileConnection supports Windows drive letters (#483)
  • Credential headers 'Authorization' and 'Cookie' are deleted on cross-origin redirects. (#538) @​kyoshidajp
  • ContentDispositionParser handles ISO8601 date headers, to be robust with websites that ignore RFC2183. (#554) @​reitermarkus

Bug fix

... (truncated)

Commits
  • c1091fd version bump to v2.8.5
  • c7fe699 Merge pull request #600 from sparklemotion/flavorjones-redirect-headers
  • 907c778 fix: clear credentials when redirecting to a different port
  • 70ebc34 version bump to v2.8.4
  • c8b9d79 Merge pull request #588 from sparklemotion/flavorjones-update-ci-to-ruby31
  • 8302ec5 ci: update to cover Ruby 3.1
  • ec9af73 Merge pull request #589 from sparklemotion/flavorjones-use-psych-safe-load
  • 1c099a6 use safe_load when using Psych >= 3.1
  • 4a0dfe5 version bump to v2.8.3
  • b898f47 Merge pull request #587 from ncs1/update_linux_firefox_ua
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/homebrew-ppc64le/brew/network/alerts).