Bump activerecord, rails, feedzirra, actionmailer, actionpack, activeresource, activesupport, rack, rake, builder, loofah, sax-machine and nokogiri

[dependabot]

Bumps activerecord, rails, feedzirra, actionmailer, actionpack, activeresource, activesupport, rack, rake, builder, loofah, sax-machine and nokogiri. These dependencies needed to be updated together.
Updates activerecord from 2.3.8 to 7.0.3.1

Release notes

Sourced from activerecord's releases.

7.0.3

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

  Xavier Noria

• Fixed MariaDB default function support.

  Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

  kaspernj

• Fix remove_foreign_key with :if_exists option when foreign key actually exists.

  fatkodima

• Remove --no-comments flag in structure dumps for PostgreSQL

  This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

  ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

  Alex Ghiculescu

• Use the model name as a prefix when filtering encrypted attributes from logs.

  For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Changelog

Sourced from activerecord's changelog.

Rails 7.0.3.1 (July 12, 2022)

• Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options The configuration options are as follows:

  • config.active_storage.use_yaml_unsafe_load

  When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is not recommended, but can aid in upgrading.

  • config.active_record.yaml_column_permitted_classes

  The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

  config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
  

  [CVE-2022-32224]

Rails 7.0.3 (May 09, 2022)

• Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

  Xavier Noria

• Fixed MariaDB default function support.

  Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

  kaspernj

• Fix remove_foreign_key with :if_exists option when foreign key actually exists.

  fatkodima

• Remove --no-comments flag in structure dumps for PostgreSQL

... (truncated)

Commits

• 04972d9 Preparing for 7.0.3.1 release
• 0c68c1f updating version and changelog
• 9529dc8 Change ActiveRecord::Coders::YAMLColumn default to safe_load
• 3872bc0 Preparing for 7.0.3 release
• cd7700b Merge pull request #45016 from adrianna-chang-shopify/ac-fix-strict-loading-p...
• f99f422 Merge pull request #45018 from lucthev/lt/strict-false
• 3594d29 Merge pull request #44956 from sato11/document-uses_transaction
• f154d9b Merge pull request #45012 from fatkodima/fix-sql-comments-regex
• 46f84bc activerecord: log unnamed bind params
• 976a543 activerecord: add log sql with unnamed bind test
• Additional commits viewable in compare view

Updates rails from 2.3.8 to 7.0.3.1

Release notes

Sourced from rails's releases.

7.0.3

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

  Xavier Noria

• Fixed MariaDB default function support.

  Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

  kaspernj

• Fix remove_foreign_key with :if_exists option when foreign key actually exists.

  fatkodima

• Remove --no-comments flag in structure dumps for PostgreSQL

  This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

  ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

  Alex Ghiculescu

• Use the model name as a prefix when filtering encrypted attributes from logs.

  For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Commits

• 04972d9 Preparing for 7.0.3.1 release
• 0c68c1f updating version and changelog
• 9529dc8 Change ActiveRecord::Coders::YAMLColumn default to safe_load
• 3872bc0 Preparing for 7.0.3 release
• 74beedc Remove incorrect tests
• 54bd582 Merge pull request #44947 from jasonkarns/patch-3
• 082e929 Merge pull request #45027 from rails/fix-tag-helper-regression
• cd7700b Merge pull request #45016 from adrianna-chang-shopify/ac-fix-strict-loading-p...
• f99f422 Merge pull request #45018 from lucthev/lt/strict-false
• fd7dc8f Merge pull request #45013 from JohnAnon9771/fix/doc-active-record-querying
• Additional commits viewable in compare view

Updates feedzirra from 0.0.24 to 0.8.0

Changelog

Sourced from feedzirra's changelog.

Feedjira Changelog

3.2.1

• Fix time handling in ruby 3.1

• Atom feeds now have an icon field via feedjira/feedjira#452 (@​jswanner)

3.2.0

• Atom feed_url no longer falls back to url via feedjira/feedjira#451 (@​frederfred)

• Atom feeds now have an icon field via feedjira/feedjira#452 (@​jswanner)

3.1.2

• Enhancements
  • Alias managingEditor as managing_editor #443[] ([@​DominikAlberski][])
  • Add support for the a10 namespace used in RSS 2.0 feeds generated by .NET applications. Currently a10:link, a10:updated, a10:content and a10:name are supported. #440[] ([@​knu][])

#440: feedjira/feedjira#440 #443: feedjira/feedjira#443

3.1.1

• Enhancements

  • Fix warnings in Ruby 2.7 #434[] ([@​sferik][])

• General

  • Test on Ruby 2.5, 2.6 and 2.7 #435[] ([@​HParker][])

#434: feedjira/feedjira#434 #435: feedjira/feedjira#435

3.1.0

• Breaking Changes

  • title of Atom entry classes always return a plain text even in case the entry has a title of the HTML or XML type. #423[] ([@​knu][])

• Enhancements

  • raw_title and title_type are added to Atom entry classes. #423[] ([@​knu][])
  • AtomGoogleAlerts is now a supported parser #424[] ([@​knu][])

#423: feedjira/feedjira#423 #424: feedjira/feedjira#424

3.0.0

• Breaking Changes
  • Feedjira::Feed.parse has moved to Feedjira.parse

... (truncated)

Commits

• 5ca1a2c Deprecate Feedzirra, use Feedjira instead
• 18832a8 Update CHANGELOG for 0.7.1
• 35baab5 Bump version for 0.7.1
• 293b49a be a new entry if feed not have entry id and only difference is a url
• 6e075a8 Update CHANGELOG for 0.7.0
• 0f863b1 Bump version for 0.7.0
• e614278 Bugfix for parsing dates that are ISO 8601 with milliseconds
• d552496 On failure callbacks get curl and error as args
• 260a979 Move call_on_failure to private method
• 801b978 Fix tests for #194
• Additional commits viewable in compare view

Updates actionmailer from 2.3.8 to 7.0.3.1

Release notes

Sourced from actionmailer's releases.

7.0.3

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

  Xavier Noria

• Fixed MariaDB default function support.

  Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

  kaspernj

• Fix remove_foreign_key with :if_exists option when foreign key actually exists.

  fatkodima

• Remove --no-comments flag in structure dumps for PostgreSQL

  This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

  ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

  Alex Ghiculescu

• Use the model name as a prefix when filtering encrypted attributes from logs.

  For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Changelog

Sourced from actionmailer's changelog.

Rails 7.0.3.1 (July 12, 2022)

• No changes.

Rails 7.0.3 (May 09, 2022)

• No changes.

Rails 7.0.2.4 (April 26, 2022)

• No changes.

Rails 7.0.2.3 (March 08, 2022)

• No changes.

Rails 7.0.2.2 (February 11, 2022)

• No changes.

Rails 7.0.2.1 (February 11, 2022)

• No changes.

Rails 7.0.2 (February 08, 2022)

• No changes.

Rails 7.0.1 (January 06, 2022)

• Keep configuration of smtp_settings consistent between 6.1 and 7.0.

  André Luis Leal Cardoso Junior

Rails 7.0.0 (December 15, 2021)

• No changes.

Rails 7.0.0.rc3 (December 14, 2021)

• No changes.

... (truncated)

Commits

• 04972d9 Preparing for 7.0.3.1 release
• 0c68c1f updating version and changelog
• 3872bc0 Preparing for 7.0.3 release
• ae98f49 Merge pull request #44777 from jean-francois-labbe/main
• c204039 Merge branch '7-0-sec' into 7-0-stable
• 3520cc7 Preparing for 7.0.2.4 release
• f2f7900 updating changelog for release
• 89dd6f5 Merge pull request #44850 from kamipo/preserve_kwargs_flag
• c730f80 Merge pull request #44162 from andrehjr/only-configure-smtp-settings-when-pro...
• 2cf820d Merge pull request #44693 from ghousemohamed/fix-docs-related-gem-versions
• Additional commits viewable in compare view

Updates actionpack from 2.3.8 to 7.0.3.1

Release notes

Sourced from actionpack's releases.

7.0.3

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

  Xavier Noria

• Fixed MariaDB default function support.

  Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

  kaspernj

• Fix remove_foreign_key with :if_exists option when foreign key actually exists.

  fatkodima

• Remove --no-comments flag in structure dumps for PostgreSQL

  This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

  ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

  Alex Ghiculescu

• Use the model name as a prefix when filtering encrypted attributes from logs.

  For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Changelog

Sourced from actionpack's changelog.

Rails 7.0.3.1 (July 12, 2022)

• No changes.

Rails 7.0.3 (May 09, 2022)

• Allow relative redirects when raise_on_open_redirects is enabled.

  Tom Hughes

• Fix authenticate_with_http_basic to allow for missing password.

  Before Rails 7.0 it was possible to handle basic authentication with only a username.

  authenticate_with_http_basic do |token, _|
    ApiClient.authenticate(token)
  end

  This ability is restored.

  Jean Boussier

• Fix content_security_policy returning invalid directives.

  Directives such as self, unsafe-eval and few others were not single quoted when the directive was the result of calling a lambda returning an array.

  content_security_policy do |policy|
    policy.frame_ancestors lambda { [:self, "https://example.com"] }
  end

  With this fix the policy generated from above will now be valid.

  Edouard Chin

• Fix skip_forgery_protection to run without raising an error if forgery protection has not been enabled / verify_authenticity_token is not a defined callback.

  This fix prevents the Rails 7.0 Welcome Page (/) from raising an ArgumentError if default_protect_from_forgery is false.

  Brad Trick

... (truncated)

Commits

• 04972d9 Preparing for 7.0.3.1 release
• 0c68c1f updating version and changelog
• 3872bc0 Preparing for 7.0.3 release
• 0e805db Merge pull request #44295 from guillaumecabanel/main
• f7c77b2 Add missing require of action_controller/metal/exceptions to `action_contro...
• 5107a6d Fix style and misspell in action dispatch executor test
• d82885d Merge pull request #44934 from soartec-lab/add-api-doc-for-samesite-of-cookie
• c204039 Merge branch '7-0-sec' into 7-0-stable
• 3520cc7 Preparing for 7.0.2.4 release
• f2f7900 updating changelog for release
• Additional commits viewable in compare view

Updates activeresource from 2.3.8 to 6.0.0

Release notes

Sourced from activeresource's releases.

6.0.0

Breaking changes

• Drop support to Ruby < 2.6 and Rails < 6.0

What's Changed

• Create PreconditionFailed (412) exception by @​bbraschi in rails/activeresource#302
• Adds TooManyRequests (429) exception by @​bradleypriest in rails/activeresource#304
• Fix active job serializer railtie by @​gmcgibbon in rails/activeresource#310
• Fix Rails 6.1 compatibility by @​casperisfine in rails/activeresource#335
• Set frozen_string_literal: true in the generated code by @​casperisfine in rails/activeresource#336
• Stop using the deprecated URI.parser by @​casperisfine in rails/activeresource#338
• Fix the missed URI.parser references by @​casperisfine in rails/activeresource#339
• Fix find_every instantiating records from symbol and string without prefix_options by @​ivan05almeida in rails/activeresource#348
• Add support to set bearer token connection through Base class by @​ivan05almeida in rails/activeresource#345
• Fixed multi-threading race condition issue by @​marisveide in rails/activeresource#349
• Fixed ActiveResource::ConnectionError#to_s to return a message which … by @​faultier92 in rails/activeresource#353
• Stop requiring the useless and deprecated core_ext/uri by @​casperisfine in rails/activeresource#366
• Changing headers on base class doesn't change them in subclasses by @​adrien-k in rails/activeresource#359

New Contributors

• @​bbraschi made their first contribution in rails/activeresource#302
• @​maurcarvalho made their first contribution in rails/activeresource#307
• @​bradleypriest made their first contribution in rails/activeresource#304
• @​pilaf made their first contribution in rails/activeresource#315
• @​eitoball made their first contribution in rails/activeresource#306
• @​okuramasafumi made their first contribution in rails/activeresource#320
• @​larouxn made their first contribution in rails/activeresource#321
• @​maria-kravtsova made their first contribution in rails/activeresource#323
• @​casperisfine made their first contribution in rails/activeresource#335
• @​ivan05almeida made their first contribution in rails/activeresource#348
• @​marisveide made their first contribution in rails/activeresource#349
• @​faultier92 made their first contribution in rails/activeresource#353
• @​luk4s made their first contribution in rails/activeresource#356
• @​jbampton made their first contribution in rails/activeresource#357
• @​filabreu made their first contribution in rails/activeresource#364
• @​aclemons made their first contribution in rails/activeresource#367
• @​obahareth made their first contribution in rails/activeresource#373
• @​adrien-k made their first contribution in rails/activeresource#359

Full Changelog: rails/activeresource@v5.1.1...v6.0.0

5.1.0

• Improve support of Active Resource objects inside fibers.

• Add support to Active Model Serializers.

• Fix error when trying to parse nil as a JSON response.

... (truncated)

Commits

• See full diff in compare view

Updates activesupport from 2.3.8 to 7.0.3.1

Release notes

Sourced from activesupport's releases.

7.0.3

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Some internal housekeeping on reloads could break custom respond_to? methods in class objects that referenced reloadable constants. See #44125 for details.

  Xavier Noria

• Fixed MariaDB default function support.

  Defaults would be written wrong in "db/schema.rb" and not work correctly if using db:schema:load. Further more the function name would be added as string content when saving new records.

  kaspernj

• Fix remove_foreign_key with :if_exists option when foreign key actually exists.

  fatkodima

• Remove --no-comments flag in structure dumps for PostgreSQL

  This broke some apps that used custom schema comments. If you don't want comments in your structure dump, you can use:

  ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']

  Alex Ghiculescu

• Use the model name as a prefix when filtering encrypted attributes from logs.

  For example, when encrypting Person#name it will add person.name as a filter parameter, instead of just name. This prevents unintended filtering of parameters with a matching name in other models.

... (truncated)

Changelog

Sourced from activesupport's changelog.

Rails 7.0.3.1 (July 12, 2022)

• No changes.

Rails 7.0.3 (May 09, 2022)

• No changes.

Rails 7.0.2.4 (April 26, 2022)

• Fix and add protections for XSS in ActionView::Helpers and ERB::Util.

  Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML.

  Álvaro Martín Fraguas

Rails 7.0.2.3 (March 08, 2022)

• No changes.

Rails 7.0.2.2 (February 11, 2022)

• Fix Reloader method signature to work with the new Executor signature

Rails 7.0.2.1 (February 11, 2022)

• No changes.

Rails 7.0.2 (February 08, 2022)

• Fix ActiveSupport::EncryptedConfiguration to be compatible with Psych 4

  Stephen Sugden

• Improve File.atomic_write error handling.

  Daniel Pepper

Rails 7.0.1 (January 06, 2022)

• Fix Class#descendants and DescendantsTracker#descendants compatibility with Ruby 3.1.

  The native Class#descendants was reverted prior to Ruby 3.1 release,

... (truncated)

Commits

• 04972d9 Preparing for 7.0.3.1 release
• 0c68c1f updating version and changelog
• 3872bc0 Preparing for 7.0.3 release
• 082e929 Merge pull request #45027 from rails/fix-tag-helper-regression
• 2722895 Emphasize cacheable objects in guide and API docs [ci-skip]
• a1fbc46 Allow setting some active support settings via initializers
• c204039 Merge branch '7-0-sec' into 7-0-stable
• 3520cc7 Preparing for 7.0.2.4 release
• f2f7900 updating changelog for release
• 2266802 Merge pull request #44893 from ghousemohamed/add-docs-for-run-load-hooks
• Additional commits viewable in compare view

Updates rack from 1.1.0 to 2.2.4

Changelog

Sourced from rack's changelog.

[2.2.4] - 2022-06-30

• Better support for lower case headers in Rack::ETag middleware. (#1919, @​ioquatix)
• Use custom exception on params too deep error. (#1838, @​simi)

[2.2.3.1] - 2022-05-27

• [CVE-2022-30123] Fix shell escaping issue in Common Logger
• [CVE-2022-30122] Restrict parsing of broken MIME attachments

[2.2.3] - 2020-06-15

Security

• [CVE-2020-8184] Do not allow percent-encoded cookie name to override existing cookie names. BREAKING CHANGE: Accessing cookie names that require URL encoding with decoded name no longer works. (@​fletchto99)

[2.2.2] - 2020-02-11

Fixed

• Fix incorrect Rack::Request#host value. (#1591, [@​ioquatix])
• Revert Rack::Handler::Thin implementation. (#1583, [@​jeremyevans])
• Double assignment is still needed to prevent an "unused variable" warning. (#1589, @​kamipo)
• Fix to handle same_site option for session pool. (#1587, @​kamipo)

[2.2.1] - 2020-02-09

Fixed

• Rework Rack::Request#ip to handle empty forwarded_for. (#1577, [@​ioquatix])

[2.2.0] - 2020-02-08

SPEC Changes

• rack.session request environment entry must respond to to_hash and return unfrozen Hash. ([@​jeremyevans])
• Request environment cannot be frozen. ([@​jeremyevans])
• CGI values in the request environment with non-ASCII characters must use ASCII-8BIT encoding. ([@​jeremyevans])
• Improve SPEC/lint relating to SERVER_NAME, SERVER_PORT and HTTP_HOST. (#1561, [@​ioquatix])

Added

• rackup supports multiple -r options and will require all arguments. ([@​jeremyevans])
• Server supports an array of paths to require for the :require option. (@​khotta)
• Files supports multipart range requests. (@​fatkodima)
• Multipart::UploadedFile supports an IO-like object instead of using the filesystem, using :filename and :io options. ([@​jeremyevans])
• Multipart::UploadedFile supports keyword arguments :path, :content_type, and :binary in addition to positional arguments. ([@​jeremyevans])
• Static supports a :cascade option for calling the app if there is no matching file. ([@​jeremyevans])
• Session::Abstract::SessionHash#dig. ([@​jeremyevans])
• Response.[] and MockResponse.[] for creating instances using status, headers, and body. ([@​ioquatix])

... (truncated)

Commits

• abca7d5 fixup changelog
• 0ae9ff2 bump version
• 0077900 Better handling of case-insensitive headers for Rack::Etag middleware. (#1919)
• d62c290 Add 'custom exception on params too deep error' change to CHANGELOG. (#1914)
• e7c5b94 Expect additional optional version segment in version test. (#1913)
• f705eac Merge branch '2-2-sec' into 2-2-stable
• 925a4a6 update changelog
• 70c0a24 bump version
• 434413f Escape untrusted text when logging
• a872bcc Restrict broken mime parsing
• Additional commits viewable in compare view

Updates rake from 0.8.7 to 13.0.6

Changelog

Sourced from rake's changelog.

=== 13.0.6

• Additional fix for #389 Pull request #390 by hsbt

=== 13.0.5

• Fixed the regression of #388 Pull request #389 by hsbt

=== 13.0.4

• Fix rake test loader swallowing useful error information. Pull request #367 by deivid-rodriguez
• Add -C/--directory option the same as GNU make. Pull request #376 by nobu

=== 13.0.3

• Fix breaking change of execution order on TestTask. Pull request #368 by ysakasin

=== 13.0.2

==== Enhancements

• Fix tests to work with current FileUtils Pull Request #358 by jeremyevans
• Simplify default rake test loader Pull Request #357 by deivid-rodriguez
• Update rdoc Pull Request #366 by bahasalien
• Update broken links to rake articles from Avdi in README Pull Request #360 by svl7

=== 13.0.1

==== Bug fixes

• Fixed bug: Reenabled task raises previous exception on second invokation Pull Request #271 by thorsteneckel
• Fix an incorrectly resolved arg pattern Pull Request #327 by mjbellantoni

=== 13.0.0

==== Enhancements

• Follows recent changes on keyword arguments in ruby 2.7. Pull Request #326 by nobu

... (truncated)

Commits

• 5c60da8 Bump up Rake-13.0.6
• 73d4099 Merge pull request #390 from ruby/fix-388-again
• 63aacb6 Added Rake namespace explicitly
• 29a3949 Bump version to v13.0.5
• 3a95f4c Merge pull request #389 from ruby/fix-388
• 85c55b4 Fixed the regression of #388
• 72ac796 History for rake-13.0.4
• b20de78 Bump version to 13.0.4
• a07e637 Merge pull request #386 from ruby/cleanup
• 0acc575 Use require_relative to specify release version
• Additional commits viewable in compare view

Updates builder from 2.1.2 to 3.2.4

Changelog

Sourced from builder's changelog.

= Change Log

== Version 3.2.0

• Ruby 2.0 compatibility changes.

• Allow single quoted attributes.

== Version 3.1.0

• Included the to_xs arity patch needed for weird Rails compatibility issue.

• Escaping newlines in attributes now.

• Allow method caching

== Version 3.0.0

• Ruby 1.9 compatiblity issues.

== Version 2.2.0

• Applied patch from Thijs van der Vossen to allow UTF-8 encoded output when the encoding is UTF-8 and $KCODE is UTF8.

Commits

• See full diff in compare view

Updates loofah from 0.4.7 to 2.18.0

Release notes

Sourced from loofah's releases.

2.18.0 / 2022-05-11

Features

• Allow CSS property aspect-ratio. [#236] (Thanks, @​louim!)

2.17.0 / 2022-04-28

Features

• Allow ARIA attributes. [#232, #233] (Thanks, @​nick-desteffen!)

2.16.0 / 2022-04-01

Features

• Allow MathML elements menclose and ms, and MathML attributes dir, href, lquote, mathsize, notation, and rquote. [#231] (Thanks, @​nick-desteffen!)

2.15.0 / 2022-03-14

Features

• Expand set of allowed protocols to include sms:. [#228] (Thanks, @​brendon!)

2.14.0 / 2022-02-11

Features

• The #to_text method on Loofah::HTML::{Document,DocumentFragment} replaces <br> line break elements with a newline. [#225]

2.13.0 / 2021-12-10

Bug fixes

• Loofah::HTML::DocumentFragment#text no longer serializes top-level comment children. [#221]

2.12.0 / 2021-08-11

Features

• Support empty HTML5 data attributes. [#215]

2.11.0 / 2021-07-31

... (truncated)

Changelog

Sourced from loofah's changelog.

2.18.0 / 2022-05-11

Features

• Allow CSS property aspect-ratio. [#236] (Thanks, @​louim!)

2.17.0 / 2022-04-28

Features

• Allow ARIA attributes. [#232, #233] (Thanks, @​nick-desteffen!)

2.16.0 / 2022-04-01

Features

• Allow MathML elements menclose and ms, and MathML attributes dir, href, lquote, mathsize, notation, and rquote. [#231] (Thanks, @​nick-desteffen!)

2.15.0 / 2022-03-14

Features

• Expand set of allowed protocols to include sms:. [#228] (Thanks, @​brendon!)

2.14.0 / 2022-02-11

Features

• The #to_text method on Loofah::HTML::{Document,DocumentFragment} replaces <br> line break elements with a newline. [#225]

2.13.0 / 2021-12-10

Bug fixes

• Loofah::HTML::DocumentFragment#text no longer serializes top-level comment children. [#221]

2.12.0 / 2021-08-11

Features

• Support empty HTML5 data attributes. [#215]

2.11.0 / 2021-07-31

... (truncated)

Commits

• a0caaf0 version bump to v2.18.0
• bd5bc7c Merge pull request #237 from flavorjones/flavorjones-fix-2.5-ci
• 0c08ea5 ci: do not fail fast
• 4963914 Merge pull request #236 from louim/patch-1
• 8a4d85d Add aspect-ratio to the list of css properties
• d3e82c1 update README to remove pledgie link
• c8ae0a4 Merge pull request #235 from flavorjones/flavorjones-update-tests-for-libxml_...
• 303ff07 test: ensure we pass with libxml 2.9.14
• 22fcdda version bump to 2.17.0
• 2fc3bfb Merge pull request #233 from flavorjones/flavorjones-aria-attributes
• Additional commits viewable in compare view

Updates sax-machine from 0.0.15 to 1.3.2

Changelog

Sourced from sax-machine's changelog.

1.3.2

• Compatibility with Oga 0.3

1.3.1

• Allow default value to be false [#66]
• Support adding class to an attribute [#68]
• Adjust Ox handler to skip empty text/cdata values

1.3.0

• Improve block modifiers to support all config options
• Make block modifiers run in instance context
• Make all handlers support IO as a input

1.2.0

• Add support for blocks as value modifiers [#61]

1.1.1

• Fix Nokogiri autoloading [#60]

1.1.0

• Option to use Oga as a SAX handler

1.0.3

• Remove missed nokogiri reference [#54]
• Add support for Symbol data type conversion [#57]
• Add specs for multiple elements with the same alias [#53]
• Various code and documentation enhancements

1.0.2

• Make sure SAXConfig getters do not modify internal vars. Prevent race conditions

1.0.1

• Improve normalize_name performance

1.0.0

• Make nokogiri dependency optional
• Add :default argument for elements [#51]

0.3.0

... (truncated)

Commits

• See full diff in compare view

Updates nokogiri from 1.4.3.1 to 1.13.7

Release notes

Sourced from nokogiri's releases.

1.13.7 / 2022-07-12

Fixed

XML::Node objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [#2578] (Thanks, @​eightbitraptor!)

---

sha256 checksums:

16facd06367325b75bba1575ee87ee4c695e017ab7d447106ed2c00d6211db43  nokogiri-1.13.7-aarch64-linux.gem
69a1705a1f2be838bd0a778c1ff04ea58f847a41c3b5159de012617abba53f86  nokogiri-1.13.7-arm64-darwin.gem
6f26c7ed388406541ddc10cf7ea670cebe8f08a37e69be60503687374f835e1a  nokogiri-1.13.7-j...
Description has been truncated

[dependabot]

Superseded by #14.