Bump the bundler group across 1 directory with 5 updates

[dependabot]

Bumps the bundler group with 4 updates in the / directory: rack, jquery-rails, httparty and nokogiri.

Updates rack from 1.4.1 to 1.4.7

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

• rack.input is now optional. (#1997, [@​ioquatix])
• Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)

Changed

• rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
• Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
• MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
• Add .mjs MIME type (#2057, [@​axilleas])
• Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
• set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
• Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
• Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
• In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])

[3.0.9] - 2024-01-31

• Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, [@​mattbrictson])

[3.0.8] - 2023-06-14

• Fix some unused variable verbose warnings. (#2084, [@​jeremyevans], @​skipkayhil)

[3.0.7] - 2023-03-16

• Make query parameters without = have nil values. (#2059, [@​jeremyevans])

[3.0.6.1] - 2023-03-13

• [CVE-2023-27539] Avoid ReDoS in header parsing

[3.0.6] - 2023-03-13

• Add QueryParser#missing_value for handling missing values + tests. (#2052, [@​ioquatix])

[3.0.5] - 2023-03-13

• Split form/query parsing into two steps. (#2038, @​matthewd)

[3.0.4.2] - 2023-03-02

• [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts

... (truncated)

Commits

• f5c0968 bumping version
• bf5bd20 Merge pull request #814 from johnnaegle/only_increment_open_file_count_for_fi...
• e4f4df5 Explicitly fail when hitting the multipart limit
• 1ae52c1 bumping the release
• 88b067e raise an exception if the parameters are too deep
• 688516a Prevent signals from being sent to pid 0
• 9939d40 Bump version number
• 56374f2 Update README for todays releases
• 5c9b0de Prevent symlink path traversals
• 6c39dfc Use secure_compare for hmac comparison
• Additional commits viewable in compare view

Updates jquery-rails from 2.0.1 to 3.1.5

Changelog

Sourced from jquery-rails's changelog.

3.1.5 (18 Apr 2018)

• Updated jQuery 1.12.4

3.1.3 (16 June 2015)

• Fix CSP bypass vulnerability. CVE-2015-1840

3.1.2 (1 September 2014)

• Updated to jquery-ujs 1.0.1

3.1.1 (23 June 2014)

• Updated to jQuery 1.11.1
• Updated to jquery-ujs 1.0.0

3.1.0 (29 January 2014)

• Updated to jQuery 1.11.0
• Updated to latest jquery-ujs
• Added development rake task for updating jQuery

3.0.4 (10 July 2013)

• Fixed jQuery source map

3.0.3 (10 July 2013)

• Updated to jQuery 1.10.2

3.0.2 (04 July 2013)

• Updated to latest jquery-ujs

3.0.1 (07 June 2013)

• Updated to jQuery 1.10.1
• Removed jQuery UI from generator

3.0.0 (29 May 2013)

• Removed jQuery UI

2.3.0 (29 May 2013)

• Updated to jQuery 1.10.0
• Updated to jQuery UI 1.10.3

2.2.2 (29 May 2013)

... (truncated)

Commits

• fa176d4 Upgrade jQuery to 1.12.4
• c211b82 Fix jQuery version download task
• d42f68d Release 3.1.4
• ecf65f0 Fix IE7 bug on isCrossDomain check
• d0be832 Merge branch '3-1-2-sec' into 3-1-stable
• ee1ed3c Release 3.1.3
• 92f2a9d Upgrade jquery-ujs to do proper checks for cross domain requests
• 135ba0f Release 3.1.2
• 1eabddd Update to latest jquery-ujs.
• d3bc214 Merge branch 'master' into 3-1-stable
• Additional commits viewable in compare view

Updates httparty from 0.8.1 to 0.21.0

Changelog

Sourced from httparty's changelog.

0.21.0

• escape filename in the multipart/form-data Content-Disposition header
• Fix request marshaling
• Replace mime-types with mini_mime

0.20.0

Breaking changes

• Require Ruby >= 2.3.0

Fixes

• Marshal.dump fails on response objects when request option :logger is set or :parser is a proc
• Switch :pem option to to OpenSSL::PKey.read to support other algorithms

0.19.1

• Remove use of unary + method for creating non-frozen string to increase compatibility with older versions of ruby

0.19.0

• Multipart/Form-Data: rewind files after read
• add frozen_string_literal pragma to all files
• [Better handling of Accept-Encoding / Content-Encoding decompression (fixes #562)](jnunemaker/httparty#729)

0.18.1

• Rename cop Lint/HandleExceptions to Lint/SuppressedException.
• Encode keys in query params.
• Fixed SSL doc example.
• Add a build status badge.

0.18.0

• Support gzip/deflate transfer encoding when explicit headers are set.
• Support edge case cookie format with a blank attribute.

0.17.3

0.17.2 is broken jnunemaker/httparty#681

0.17.2

• Add Response#nil? deprecetion warning

0.17.1

... (truncated)

Commits

• e731057 Update version
• a2038f2 Add security notice in changelog
• 455c222 Ignore asdf tool-versions
• cdb45a6 Merge pull request from GHSA-5pq7-52mg-hr42
• 243a215 Merge pull request #769 from carlosantoniodasilva/ca-mini-mime
• a577aca Merge pull request #773 from petergoldstein/feature/add_ruby_3_2_to_ci
• 7bb1f94 Adds Ruby 3.2 to the CI matrix. Updates checkout action version.
• 31d3d9d Merge pull request #771 from mishina2228/update-ci-status-badge
• 7737a77 Update CI status badge
• 051c181 escape filename in the multipart/form-data Content-Disposition header
• Additional commits viewable in compare view

Updates nokogiri from 1.5.2 to 1.16.3

Release notes

Sourced from nokogiri's releases.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

---

sha256 checksums:

3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824  nokogiri-1.16.3-aarch64-linux.gem
cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d  nokogiri-1.16.3-arm-linux.gem
5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90  nokogiri-1.16.3-arm64-darwin.gem
6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb  nokogiri-1.16.3-java.gem
656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d  nokogiri-1.16.3-x64-mingw-ucrt.gem
7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9  nokogiri-1.16.3-x64-mingw32.gem
08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541  nokogiri-1.16.3-x86-linux.gem
cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9  nokogiri-1.16.3-x86-mingw32.gem
bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d  nokogiri-1.16.3-x86_64-darwin.gem
47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb  nokogiri-1.16.3-x86_64-linux.gem
498aa253ccd5b89a0fa5c4c82b346d22176fc865f4a12ef8da642064d1d3e248  nokogiri-1.16.3.gem

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

---

sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

v1.16.1 / 2024-02-03

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (@​flavorjones)

Fixed

• [CRuby] XML::Reader defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@​flavorjones)
• [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (@​adfoster-r7)
• [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (@​flavorjones)
• [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (@​stevecheckoway)

v1.16.0 / 2023-12-27

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.3.

This release ends support for Ruby 2.7, for which upstream support ended 2023-03-31.

... (truncated)

Commits

• 80fb608 version bump to v1.16.3
• 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
• 461a96e fix: Reader#read sets @​encoding if it is unset
• 801f978 dep: update libxml2 to v2.12.6
• 673756f version bump to v1.16.2
• 74ffd67 dep: update libxml to 2.12.5 (branch v1.16.x) (#3122)
• 0d4018d dep: update libxml2 to v2.12.5
• f33a25f dep: remove patch from #3112 which has been released upstream
• e994168 version bump to v1.16.1
• 77ea2f2 dev: add files to manifest ignore list
• Additional commits viewable in compare view

Updates rdoc from 3.12 to 3.12.2

Release notes

Sourced from rdoc's releases.

v3.12.2

Full Changelog: ruby/rdoc@v3.12.1...v3.12.2

v3.12.1

Full Changelog: ruby/rdoc@v3.12...v3.12.1

Changelog

Sourced from rdoc's changelog.

=== 3.12.2 / 2013-02-24

• Bug fixes
  • Fixed bug in syntax-highlighting that would corrupt regular expressions. Ruby Bug #6488 by Benny Lyne Amorsen.
  • Fixed lexing of character syntax (?x). Reported by Xavier Noria.
  • Fixed tokenization of % when it is not followed by a $-string type
  • Fixed display of END in documentation examples in HTML output
  • Fixed tokenization of reserved words used as new-style hash keys
  • Fixed HEREDOC output for the limited case of a heredoc followed by a line end. When a HEREDOC is not followed by a line end RDoc is not currently smart enough to restore the source correctly. Bug #162 by Zachary Scott.

=== 3.12.1 / 2013-02-05

• Bug fixes
  • Fixed an XSS exploit in darkfish.js. This could lead to cookie disclosure to third parties. See CVE-2013-0256[rdoc-ref:CVE-2013-0256.rdoc] for full details including a patch you can apply to generated RDoc documentation.
  • Ensured that rd parser files are generated before checking the manifest.

Commits

• e210ead Fix test in a cross-ruby way
• 13f339a Added 3.12.2 release date to history
• 751f7ac Fixed .travis.yml by using hoe-travis
• 92c591c Set version to 3.12.2
• 96c3d72 Fixed tests broken by incompetent cherry-picking
• a5fc3d6 Added limited HEREDOC tokenization
• 78ef23e Parse unicode characters above \uFFFF
• 5544853 Tokenize out-of-place reserved words as identifiers
• 24efb01 Gave TkEND_OF_SCRIPT#text a value
• 976d31f Fixed tokenization of "a%1"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #6.