build(deps): bump the bundler group across 7 directories with 10 updates

[dependabot]

Bumps the bundler group with 4 updates in the /pkgs/applications/misc/gollum directory: json, nokogiri, rack and sinatra.
Bumps the bundler group with 6 updates in the /pkgs/development/tools/chefdk directory:

Package	From	To
json	2.5.1	2.7.2
nokogiri	1.11.1	1.16.5
rack	2.2.3	2.2.9
activesupport	5.2.4.5	7.1.3.2
git	1.8.1	1.11.0
jmespath	1.4.0	1.6.2

Bumps the bundler group with 4 updates in the /pkgs/servers/http/showoff directory: json, nokogiri, rack and addressable.
Bumps the bundler group with 3 updates in the /pkgs/tools/admin/fastlane directory: json, addressable and jmespath.
Bumps the bundler group with 3 updates in the /pkgs/tools/admin/oxidized directory: json, rack and git.
Bumps the bundler group with 1 update in the /pkgs/tools/audio/mpdcron directory: nokogiri.
Bumps the bundler group with 2 updates in the /pkgs/tools/misc/anystyle-cli directory: tzinfo and yard.

Updates json from 2.5.1 to 2.7.2

Release notes

Sourced from json's releases.

v2.7.2

What's Changed

• Use rb_sym2str instead of SYM2ID by @​jhawthorn in flori/json#561
• Fix memory leak when exception is raised during JSON generation by @​peterzhu2118 in flori/json#574
• Remove references to "19" methods in JRuby by @​headius in flori/json#576
• Make OpenStruct support as optional by @​hsbt in flori/json#565
• Autoload JSON::GenericObject to avoid require ostruct warning in Ruby 3.4 by @​tompng in flori/json#577
• Warn to install ostruct if json couldn't load it by @​hsbt in flori/json#578

New Contributors

• @​mperham made their first contribution in flori/json#571
• @​peterzhu2118 made their first contribution in flori/json#574

Full Changelog: ruby/json@v2.7.1...v2.7.2

v2.7.1

What's Changed

Improved

• [DOC] RDoc for additions by @​BurdetteLamar in flori/json#557

Fixed

• JSON.dump: handle unenclosed hashes regression by @​casperisfine in flori/json#554
• Overload kwargs in JSON.dump by @​k0kubun in flori/json#556
• Fix JSON.dump overload combination by @​tompng in flori/json#558

Misc

• Remove needless encodings by @​hsbt in flori/json#559
• Unify versions by @​hsbt in flori/json#560

New Contributors

• @​k0kubun made their first contribution in flori/json#556
• @​tompng made their first contribution in flori/json#558

Full Changelog: ruby/json@v2.7.0...v2.7.1

v2.7.0

What's Changed

Improved

• Perf. improvements to Hash#to_json in pure implementation generator. by @​vipulnsward in flori/json#203
• Remove unnecessary initialization of create_id in JSON.parse() by @​Watson1978 in flori/json#454

Added

• Call super in included hook by @​paracycle in flori/json#486
• Rename escape_slash in script_safe and also escape E+2028 and E+2029 by @​casperisfine in flori/json#525
• Add a strict option to Generator by @​casperisfine in flori/json#519

... (truncated)

Changelog

Sourced from json's changelog.

2024-04-04 (2.7.2)

• Use rb_sym2str instead of SYM2ID #561
• Fix memory leak when exception is raised during JSON generation #574
• Remove references to "19" methods in JRuby #576
• Make OpenStruct support as optional by @​hsbt in #565
• Autoload JSON::GenericObject to avoid require ostruct warning in Ruby 3.4 #577
• Warn to install ostruct if json couldn't load it by @​hsbt #578

2023-12-05 (2.7.1)

• JSON.dump: handle unenclosed hashes regression #554
• Overload kwargs in JSON.dump #556
• [DOC] RDoc for additions #557
• Fix JSON.dump overload combination #558

2023-12-01 (2.7.0)

• Add a strict option to Generator #519
• escape_slash option was renamed as script_safe and now also escape U+2028 and U+2029. escape_slash is now an alias of script_safe #525
• Remove unnecessary initialization of create_id in JSON.parse() #454
• Improvements to Hash#to_json in pure implementation generator #203
• Use ruby_xfree to free buffers #518
• Fix "unexpected token" offset for Infinity #507
• Avoid using deprecated BigDecimal.new on JRuby #546
• Removed code for Ruby 1.8 #540
• Rename JSON::ParseError to JSON:ParserError #530
• Call super in included hook #486
• JRuby requires a minimum of Java 8 #516
• Always indent even if empty #517

2022-11-30 (2.6.3)

• bugfix json/pure mixing escaped with literal unicode raises Encoding::CompatibilityError #483
• Stop including the parser source LINE in exceptions #470

2022-11-17 (2.6.2)

• Remove unknown keyword arg from DateTime.parse #488
• Ignore java artifacts by @​hsbt #489
• Fix parser bug for empty string allocation #496

2021-10-24 (2.6.1)

• Restore version.rb with 2.6.1

2021-10-14 (2.6.0)

• Use rb_enc_interned_str if available to reduce allocations in freeze: true mode. #451.
• Bump required_ruby_version to 2.3.

... (truncated)

Commits

• 036944a Bump up 2.7.2
• 5a1659d Merge pull request #578 from flori/warn-bundled-gems
• fff2859 Warn to install ostruct if json couldn't load it
• cdbcbd0 Merge pull request #577 from tompng/autoload_generic_object
• 84b7517 Merge pull request #576 from headius/no_19_jruby_methods
• b507f9e Autoload GenericObject to avoid require ostruct warning in Ruby 3.4
• a480682 Remove references to "19" methods in JRuby
• 35d435e Merge pull request #575 from flori/refine-ci
• 817d7b0 Exclude 2.3-2.5 on macos-14 iamge
• df33e8e Added JRuby 9.4
• Additional commits viewable in compare view

Updates nokogiri from 1.11.1 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

v1.16.1 / 2024-02-03

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (@​flavorjones)

... (truncated)

Commits

• cd70bd3 version bump to v1.16.5
• afc36de dep: update vendored libxml2 to v2.12.7 (#3191)
• 41b4f08 ci: add arm64-darwin coverage using macos-14
• 67b9e86 dep: update libxml2 to v2.12.7
• 17c0362 version bump to v1.16.4
• 1c329e9 dep: update to zlib 1.3.1 (v1.16.x) (#3175)
• edeac07 dep: update to zlib 1.3.1
• 80fb608 version bump to v1.16.3
• 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
• 461a96e fix: Reader#read sets @​encoding if it is unset
• Additional commits viewable in compare view

Updates rack from 2.2.3 to 2.2.9

Release notes

Sourced from rack's releases.

v2.2.8.1

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]
• Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
• Reject Range headers which are too large [CVE-2024-26141]

Full Changelog: rack/rack@v2.2.8...v2.2.8.1

v2.2.8

What's Changed

• Limit file extension length of multipart tempfiles (2.2 backport) by @​dentarg in rack/rack#2075
• CHANGELOG: Add missing 2.2.7 by @​tisba in rack/rack#2081
• Update cookie.rb by @​dchandekstark in rack/rack#2092
• Prefer ubuntu-latest for testing. by @​ioquatix in rack/rack#2095
• Fix inefficient assert pattern in Rack::Lint [2-2-stable] by @​skipkayhil in rack/rack#2101
• Regenerate SPEC [2-2-stable] by @​skipkayhil in rack/rack#2102

New Contributors

• @​tisba made their first contribution in rack/rack#2081
• @​dchandekstark made their first contribution in rack/rack#2092

Full Changelog: rack/rack@v2.2.7...v2.2.8

v2.2.7

What's Changed

• Correct the year number in the changelog by @​kimulab in rack/rack#2015
• Support underscore in host names for Rack 2.2 (Fixes #2070) by @​jeremyevans in rack/rack#2071

New Contributors

• @​kimulab made their first contribution in rack/rack#2015

Full Changelog: rack/rack@v2.2.6.4...v2.2.7

v2.2.6.4

No release notes provided.

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

• rack.input is now optional. (#1997, [@​ioquatix])
• Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)

Changed

• rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
• Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
• MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
• Add .mjs MIME type (#2057, [@​axilleas])
• Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
• set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
• Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
• Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
• In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])

[3.0.11] - 2024-05-10

• Backport #2062 to 3-0-stable: Do not allow BodyProxy to respond to to_str, make to_ary call close . (#2062, @​jeremyevans)

[3.0.10] - 2024-03-21

• Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. (#2164, @​JoeDupuis)

[3.0.9.1] - 2024-02-21

Security

• CVE-2024-26146 Fixed ReDoS in Accept header parsing
• CVE-2024-25126 Fixed ReDoS in Content Type header parsing
• CVE-2024-26141 Reject Range headers which are too large

[3.0.9] - 2024-01-31

• Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, @​mattbrictson)

[3.0.8] - 2023-06-14

• Fix some unused variable verbose warnings. (#2084, [@​jeremyevans], @​skipkayhil)

... (truncated)

Commits

• b1deebd Bump patch version.
• f7d40f9 Merge branch '2-2-sec' into 2-2-stable
• e830011 bump version
• d9c163a Avoid 2nd degree polynomial regexp in MediaType
• 6245768 Return an empty array when ranges are too large
• e4c1177 Fixing ReDoS in header parsing
• fdb12cb backport #2104 (#2121)
• 99057e6 Update CHANGELOG for 2.2.8 (#2107)
• 3314622 Adds missing 2.2.8 to CHANGELOG.md (#2106)
• f169ff7 Bump patch version.
• Additional commits viewable in compare view

Updates sinatra from 2.1.0 to 2.2.4

Changelog

Sourced from sinatra's changelog.

4.0.0. / 2024-01-19

• New: Add support for Rack 3 (#1857)

  • Note: you may want to read the [Rack 3 Upgrade Guide]

• Require Ruby 2.7.8 as minimum Ruby version (#1993)

• Breaking change: Drop support for Rack 2 (#1857)

  • Note: when using Sinatra to start the web server, you now need the rackup gem installed

• Breaking change: Remove the IndifferentHash initializer (#1982)

• Breaking change: Disable session_hijacking protection by default (#1984)

• Breaking change: Remove Rack::Protection::EncryptedCookie (#1989)

  • Note: cookies are still encrypted (by [Rack::Session::Cookie])

#1857: sinatra/sinatra#1857 #1993: sinatra/sinatra#1993 #1982: sinatra/sinatra#1982 #1984: sinatra/sinatra#1984 #1989: sinatra/sinatra#1989 [Rack::Session::Cookie]: https://github.com/rack/rack-session [Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

3.2.0 / 2023-12-29

• New: Add #except method to Sinatra::IndifferentHash (#1940)

• New: Use Exception#detailed_message to show backtrace (#1952)

• New: Add Sinatra::HamlHelpers to sinatra-contrib (#1960)

• Fix: Add base64 to rack-protection runtime dependencies (#1946)

• Fix: Avoid open-ended dependencies for sinatra-contrib and rack-protection (#1949)

• Fix: Helpful message when Sinatra::Runner times out (#1975)

• Fix: Ruby 3.3 + Bundler 2.5 compatibility (#1975)

#1940: sinatra/sinatra#1940 #1946: sinatra/sinatra#1946 #1949: sinatra/sinatra#1949 #1952: sinatra/sinatra#1952 #1960: sinatra/sinatra#1960 #1975: sinatra/sinatra#1975

3.1.0 / 2023-08-07

... (truncated)

Commits

• 7c88c7c 2.2.4 release
• 4f9a883 Install libyaml-dev in CI
• 5788f46 Allow CALLERS_TO_IGNORE to be overridden
• c135ceb Remove hamlit-block to fix spec failure
• de0b6ab 2.2.3 release
• 0bdb254 2.2.3 release
• 43df742 Remove rdoc
• 580b271 fix ReDoS
• 9031a44 Pin haml to v5
• 0455c8e Pin Puma to v5
• Additional commits viewable in compare view

Updates json from 2.5.1 to 2.7.2

Release notes

Sourced from json's releases.

v2.7.2

What's Changed

• Use rb_sym2str instead of SYM2ID by @​jhawthorn in flori/json#561
• Fix memory leak when exception is raised during JSON generation by @​peterzhu2118 in flori/json#574
• Remove references to "19" methods in JRuby by @​headius in flori/json#576
• Make OpenStruct support as optional by @​hsbt in flori/json#565
• Autoload JSON::GenericObject to avoid require ostruct warning in Ruby 3.4 by @​tompng in flori/json#577
• Warn to install ostruct if json couldn't load it by @​hsbt in flori/json#578

New Contributors

• @​mperham made their first contribution in flori/json#571
• @​peterzhu2118 made their first contribution in flori/json#574

Full Changelog: ruby/json@v2.7.1...v2.7.2

v2.7.1

What's Changed

Improved

• [DOC] RDoc for additions by @​BurdetteLamar in flori/json#557

Fixed

• JSON.dump: handle unenclosed hashes regression by @​casperisfine in flori/json#554
• Overload kwargs in JSON.dump by @​k0kubun in flori/json#556
• Fix JSON.dump overload combination by @​tompng in flori/json#558

Misc

• Remove needless encodings by @​hsbt in flori/json#559
• Unify versions by @​hsbt in flori/json#560

New Contributors

• @​k0kubun made their first contribution in flori/json#556
• @​tompng made their first contribution in flori/json#558

Full Changelog: ruby/json@v2.7.0...v2.7.1

v2.7.0

What's Changed

Improved

• Perf. improvements to Hash#to_json in pure implementation generator. by @​vipulnsward in flori/json#203
• Remove unnecessary initialization of create_id in JSON.parse() by @​Watson1978 in flori/json#454

Added

• Call super in included hook by @​paracycle in flori/json#486
• Rename escape_slash in script_safe and also escape E+2028 and E+2029 by @​casperisfine in flori/json#525
• Add a strict option to Generator by @​casperisfine in flori/json#519

... (truncated)

Changelog

Sourced from json's changelog.

2024-04-04 (2.7.2)

• Use rb_sym2str instead of SYM2ID #561
• Fix memory leak when exception is raised during JSON generation #574
• Remove references to "19" methods in JRuby #576
• Make OpenStruct support as optional by @​hsbt in #565
• Autoload JSON::GenericObject to avoid require ostruct warning in Ruby 3.4 #577
• Warn to install ostruct if json couldn't load it by @​hsbt #578

2023-12-05 (2.7.1)

• JSON.dump: handle unenclosed hashes regression #554
• Overload kwargs in JSON.dump #556
• [DOC] RDoc for additions #557
• Fix JSON.dump overload combination #558

2023-12-01 (2.7.0)

• Add a strict option to Generator #519
• escape_slash option was renamed as script_safe and now also escape U+2028 and U+2029. escape_slash is now an alias of script_safe #525
• Remove unnecessary initialization of create_id in JSON.parse() #454
• Improvements to Hash#to_json in pure implementation generator #203
• Use ruby_xfree to free buffers #518
• Fix "unexpected token" offset for Infinity #507
• Avoid using deprecated BigDecimal.new on JRuby #546
• Removed code for Ruby 1.8 #540
• Rename JSON::ParseError to JSON:ParserError #530
• Call super in included hook #486
• JRuby requires a minimum of Java 8 #516
• Always indent even if empty #517

2022-11-30 (2.6.3)

• bugfix json/pure mixing escaped with literal unicode raises Encoding::CompatibilityError #483
• Stop including the parser source LINE in exceptions #470

2022-11-17 (2.6.2)

• Remove unknown keyword arg from DateTime.parse #488
• Ignore java artifacts by @​hsbt #489
• Fix parser bug for empty string allocation #496

2021-10-24 (2.6.1)

• Restore version.rb with 2.6.1

2021-10-14 (2.6.0)

• Use rb_enc_interned_str if available to reduce allocations in freeze: true mode. #451.
• Bump required_ruby_version to 2.3.

... (truncated)

Commits

• 036944a Bump up 2.7.2
• 5a1659d Merge pull request #578 from flori/warn-bundled-gems
• fff2859 Warn to install ostruct if json couldn't load it
• cdbcbd0 Merge pull request #577 from tompng/autoload_generic_object
• 84b7517 Merge pull request #576 from headius/no_19_jruby_methods
• b507f9e Autoload GenericObject to avoid require ostruct warning in Ruby 3.4
• a480682 Remove references to "19" methods in JRuby
• 35d435e Merge pull request #575 from flori/refine-ci
• 817d7b0 Exclude 2.3-2.5 on macos-14 iamge
• df33e8e Added JRuby 9.4
• Additional commits viewable in compare view

Updates nokogiri from 1.11.1 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

v1.16.1 / 2024-02-03

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (@​flavorjones)

... (truncated)

Commits

• cd70bd3 version bump to v1.16.5
• afc36de dep: update vendored libxml2 to v2.12.7 (#3191)
• 41b4f08 ci: add arm64-darwin coverage using macos-14
• 67b9e86 dep: update libxml2 to v2.12.7
• 17c0362 version bump to v1.16.4
• 1c329e9 dep: update to zlib 1.3.1 (v1.16.x) (#3175)
• edeac07 dep: update to zlib 1.3.1
• 80fb608 version bump to v1.16.3
• 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
• 461a96e fix: Reader#read sets @​encoding if it is unset
• Additional commits viewable in compare view

Updates rack from 2.2.3 to 2.2.9

Release notes

Sourced from rack's releases.

v2.2.8.1

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]
• Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
• Reject Range headers which are too large [CVE-2024-26141]

Full Changelog: rack/rack@v2.2.8...v2.2.8.1

v2.2.8

What's Changed

• Limit file extension length of multipart tempfiles (2.2 backport) by @​dentarg in rack/rack#2075
• CHANGELOG: Add missing 2.2.7 by @​tisba in rack/rack#2081
• Update cookie.rb by @​dchandekstark in rack/rack#2092
• Prefer ubuntu-latest for testing. by @​ioquatix in rack/rack#2095
• Fix inefficient assert pattern in Rack::Lint [2-2-stable] by @​skipkayhil in rack/rack#2101
• Regenerate SPEC [2-2-stable] by @​skipkayhil in rack/rack#2102

New Contributors

• @​tisba made their first contribution in rack/rack#2081
• @​dchandekstark made their first contribution in rack/rack#2092

Full Changelog: rack/rack@v2.2.7...v2.2.8

v2.2.7

What's Changed

• Correct the year number in the changelog by @​kimulab in rack/rack#2015
• Support underscore in host names for Rack 2.2 (Fixes #2070) by @​jeremyevans in rack/rack#2071

New Contributors

• @​kimulab made their first contribution in rack/rack#2015

Full Changelog: rack/rack@v2.2.6.4...v2.2.7

v2.2.6.4

No release notes provided.

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

• rack.input is now optional. (#1997, [@​ioquatix])
• Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)

Changed

• rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
• Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
• MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
• Add .mjs MIME type (#2057, [@​axilleas])
• Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
• set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
• Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
• Add fallback lookup...

  Description has been truncated