Bump the bundler group group with 8 updates

[dependabot]

Bumps the bundler group group with 8 updates:

Package	From	To
rubocop	0.40.0	0.49.0
actionpack	4.2.6	4.2.11.3
activerecord	4.2.6	4.2.11.3
activesupport	4.2.6	4.2.11.3
nokogiri	1.6.8	1.9.1
rack	1.6.4	1.6.13
rmagick	2.15.4	2.16.0
yard	0.8.7.6	0.9.35

Updates rubocop from 0.40.0 to 0.49.0

Release notes

Sourced from rubocop's releases.

RuboCop 1.28 (a.k.a. The 10th Anniversary Edition)

New features

• #10551: Add AllowComments option to Style/RedundantInitialize is true by default. (@​koic)
• #10552: Support autocorrection for Style/RedundantInitialize. (@​koic)
• #10441: Add Security/CompoundHash Cop. (@​sambostock, @​chrisseaton)
• #10521: Add use_builtin_english_names style to Style/SpecialGlobalVars. (@​splattael)
• #10522: Add new Style/ObjectThen cop. (@​ydah)
• #10502: Add new Style/FetchEnvVar cop. (@​johnny-miyake)
• #10544: Support auto-correction for Lint/DuplicateRequire. (@​koic)
• #10481: Add command line options --display-only-correctable and --display-only-safe-correctable. (@​nobuyo)

Bug fixes

• #10528: Fix an infinite loop at autocorrect for Layout/CaseIndentation. (@​ydah)
• #10537: Fix an incorrect auto-correct for Style/MultilineTernaryOperator when returning a multiline ternary operator expression with break, next, or method call. (@​koic)
• #10529: Fix autocorrect for Style/SoleNestedConditional causes logical error when using a outer condition of method call by omitting parentheses for method arguments. (@​nobuyo)
• #10530: Fix a false positive for Style/RedundantRegexpCharacterClass when using regexp character class with a character class containing multiple unicode code-points. (@​koic)
• #10518: Fix a false positive for Style/DoubleNegation when inside returned conditional clauses with Ruby 2.7's pattern matching. (@​koic)
• #10510: Fix an error for Style/SingleArgumentDig when using multiple dig in a method chain. (@​koic)
• #10553: Fix crash with trailing tabs in heredocs for Layout/TrailingWhitespace. (@​dvandersluis)
• #10488: Fix autocorrection for Layout/MultilineMethodCallIndentation breaks indentation for nesting of method calls. (@​nobuyo)
• #10543: Fix incorrect code length calculation for few more patterns of hash folding asked. (@​nobuyo)
• #10541: Fix an incorrect autocorrect for Style/SpecialGlobalVars when global variable as Perl name is used multiple times. (@​koic)
• #10514: Fix an error for Lint/EmptyConditionalBody when missing second elsif body. (@​koic)
• #10469: Fix code length calculation when kwargs written in single line. (@​nobuyo)

Changes

• #10555: Deprecate IgnoredPatterns in favour of AllowedPatterns. (@​dvandersluis)
• #10356: Add AllowConsecutiveConditionals option to Style/GuardClause and the option is false by default. (@​ydah)
• #10524: Mark Style/RedundantInitialize as unsafe. (@​koic)
• #10280: Add AllowComments option to Style/SymbolProc and the option is false by default. (@​ydah)

Changelog

Sourced from rubocop's changelog.

0.49.0 (2017-05-24)

New features

• #117: Add --parallel option for running RuboCop in multiple processes or threads. ([@​jonas054][])
• Add auto-correct support to Style/MixinGrouping. ([@​rrosenblum][])
• #4236: Add new Rails/ApplicationJob and Rails/ApplicationRecord cops. ([@​tjwp][])
• #4078: Add new Performance/Caller cop. ([@​alpaca-tc][])
• #4314: Check slow hash accessing in Array#sort by Performance/CompareWithBlock. ([@​pocke][])
• #3438: Add new Style/FormatStringToken cop. ([@​backus][])
• #4342: Add new Lint/ScriptPermission cop. ([@​yhirano55][])
• #4145: Add new Style/YodaCondition cop. ([@​smakagon][])
• #4403: Add public API Cop.autocorrect_incompatible_with for specifying other cops that should not auto-correct together. ([@​backus][])
• #4354: Add auto-correct to Style/FormatString. ([@​hoshinotsuyoshi][])
• #4021: Add new Style/MultipleComparison cop. ([@​dabroz][])
• New Lint/RescueType cop. ([@​rrosenblum][])
• #4328: Add --ignore-parent-exclusion flag to ignore AllCops/Exclude inheritance. ([@​nelsonjr][])

Changes

• #4262: Add new MinSize configuration to Style/SymbolArray, consistent with the same configuration in Style/WordArray. ([@​scottmatthewman][])
• #3400: Remove auto-correct support from Lint/Debugger. ([@​ilansh][])
• #4278: Move all cops dealing with whitespace into a new department called Layout. ([@​jonas054][])
• #4320: Update Rails/OutputSafety to disallow wrapping raw or html_safe with safe_join. ([@​klesse413][])
• #4336: Store rubocop_cache in safer directories. ([@​jonas054][])
• #4361: Use relative path for offense message in Lint/DuplicateMethods. ([@​pocke][])
• #4385: Include .jb file by default. ([@​pocke][])

Bug fixes

• #4265: Require a space before first argument of a method call in Style/SpaceBeforeFirstArg cop. ([@​cjlarose][])
• #4237: Fix false positive in Lint/AmbiguousBlockAssociation cop for lambdas. ([@​smakagon][])
• #4242: Add Capfile to the list of known Ruby filenames. ([@​bbatsov][])
• #4240: Handle ||= in Rails/RelativeDateConstant. ([@​bbatsov][])
• #4241: Prevent Rails/Blank and Rails/Present from breaking when there is no explicit receiver. ([@​rrosenblum][])
• #4249: Handle multiple assignment in Rails/RelativeDateConstant. ([@​bbatsov][])
• #4250: Improve a bit the Ruby code detection config. ([@​bbatsov][])
• #4283: Fix Style/EmptyCaseCondition auto-correct bug - when first when branch includes comma-delimited alternatives. ([@​ilansh][])
• #4268: Handle end-of-line comments when auto-correcting Style/EmptyLinesAroundAccessModifier. ([@​vergenzt][])
• #4275: Prevent Style/MethodCallWithArgsParentheses from blowing up on yield. ([@​drenmi][])
• #3969: Handle multiline method call alignment for arguments to methods. ([@​jonas054][])
• #4304: Allow enabling whole departments when DisabledByDefault is true. ([@​jonas054][])
• #4264: Prevent Rails/SaveBang from blowing up when using the assigned variable in a hash. ([@​drenmi][])
• #4310: Treat paths containing invalid byte sequences as non-matches. ([@​mclark][])
• #4063: Fix Rails/ReversibleMigration misdetection. ([@​gprado][])
• #4339: Fix false positive in Security/Eval cop for multiline string literal. ([@​pocke][])
• #4339: Fix false negative in Security/Eval cop for Binding#eval. ([@​pocke][])
• #4327: Prevent Layout/SpaceInsidePercentLiteralDelimiters from registering offenses on execute-strings. ([@​drenmi][])
• #4371: Prevent Style/MethodName from complaining about unary operator definitions. ([@​drenmi][])
• #4366: Prevent Performance/RedundantMerge from blowing up on double splat arguments. ([@​drenmi][])

... (truncated)

Commits

• 66b305f Release 0.49.0
• fd0a681 Bump the RSpec dep to 3.6
• f109b61 [Fix #4393] Prevent InverseMethods from registering an offense when double ne...
• fc85af0 Fix a couple of changelog entries
• e46cc2e [Fix #4260] Do not register an offense for FileUtils.touch (#4410)
• fdc6786 Add new cop Lint/RescueType (#4358)
• e929147 Freeze constant in Style/YodaCondition cop
• 9fea6d3 Add new Style/MultipleComparison cop (#4021)
• 90e4899 Clean-up and improve a bit Style/YodaCondition
• f3ef983 [Fix #4145] Add a new cop checking for Yoda conditions (#4174)
• Additional commits viewable in compare view

Updates actionpack from 4.2.6 to 4.2.11.3

Release notes

Sourced from actionpack's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• e06a1e0 Prep release
• 58ed245 Only accept formats from registered mime types
• 474b739 Preparing for 4.2.11 release
• 3acf0de assert that nil parameters round trip
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• 84e0a23 Update CHANGELOGS for Rails 4.2.10.rc1
• Additional commits viewable in compare view

Updates activerecord from 4.2.6 to 4.2.11.3

Release notes

Sourced from activerecord's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• e06a1e0 Prep release
• 474b739 Preparing for 4.2.11 release
• 6f94f4b Support mysql2 0.4.x and 0.5.x
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• 84e0a23 Update CHANGELOGS for Rails 4.2.10.rc1
• bd6ccff Preparing for 4.2.10.rc1 release
• Additional commits viewable in compare view

Updates activesupport from 4.2.6 to 4.2.11.3

Release notes

Sourced from activesupport's releases.

4.2.11.3

Action Mailer

• No changes.

Action Pack

• No changes.

Action View

• Backport a missing commit for [CVE-2020-8163]

Active Job

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Active Support

• No changes.

Railties

• No changes.

4.2.11.2

Action Mailer

... (truncated)

Commits

• 3231120 prepping for release
• 1f3db0a Merge pull request #39302 from dustym/add-delegation_reserved_method_names
• b9e5577 Preparing for 4.2.11.2 release
• 9855d05 Bumping version for release
• e06a1e0 Prep release
• 474b739 Preparing for 4.2.11 release
• 759d41d Backport fix for Dir::Tmpname.create from #32386
• 7fe69ea Add missing require for remove_possible_method
• 6b9a1ac Update changelog headers for Rails 4.2.10
• b62714d Preparing for 4.2.10 release
• Additional commits viewable in compare view

Updates nokogiri from 1.6.8 to 1.9.1

Release notes

Sourced from nokogiri's releases.

1.9.1 / 2018-12-17

Bug fixes

• Fix a bug introduced in v1.9.0 where XML::DocumentFragment#dup no longer returned an instance of the callee's class, instead always returning an XML::DocumentFragment. This notably broke any subclass of XML::DocumentFragment including HTML::DocumentFragment as well as the Loofah gem's Loofah::HTML::DocumentFragment. #1846

1.9.0 / 2018-12-17

Security Notes

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 #1831 (Thanks @​grajagandev for reporting.)

Notable non-functional changes

• Decrease installation size by removing many unneeded files (e.g., /test) from the packaged gems. #1719 (Thanks, @​stevecrozz!)

Features

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. #1800
• Introduce XML::Node#wrap which does what XML::NodeSet#wrap has always done, but for a single node. #1531 (Thanks, @​ethirajsrinivasan!)
• [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, #1813] (Thanks, @​gpakosz and @​nurse!)
• [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
• [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. #1063
• [JRuby] NodeSet has been rewritten to improve performance! #1795

Bug fixes

• NodeSet#each now returns self instead of zero. #1822 (Thanks, @​olehif!)
• [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. #1810
• [MRI] Address a memory leak when unparenting a DTD. #1784 (Thanks, @​stevecheckoway!)
• [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. #1820 (Thanks, @​nobu!)
• [JRuby] Decrease large memory usage when making nested XPath queries. #1749
• [JRuby] Fix failing tests on JRuby 9.2.x
• [JRuby] Fix default namespaces in nodes reparented into a different document #1774
• [JRuby] Fix support for Java 9. #1759 (Thanks, @​Taywee!)

Dependencies

• [MRI] Upgrade mini_portile2 dependency from ~> 2.3.0 to ~> 2.4.0

1.9.0.rc1 / 2018-12-10

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.9.1 / 2018-12-17

Fixed

• Fix a bug introduced in v1.9.0 where XML::DocumentFragment#dup no longer returned an instance of the callee's class, instead always returning an XML::DocumentFragment. This notably broke any subclass of XML::DocumentFragment including HTML::DocumentFragment as well as the Loofah gem's Loofah::HTML::DocumentFragment. #1846

1.9.0 / 2018-12-17

Security

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 #1831 (Thanks @​grajagandev for reporting.)

Improved

• Decrease installation size by removing many unneeded files (e.g., /test) from the packaged gems. #1719 (@​stevecrozz)

Added

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. #1800
• Introduce XML::Node#wrap which does what XML::NodeSet#wrap has always done, but for a single node. #1531 (@​ethirajsrinivasan)
• [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, #1813] (@​gpakosz and @​nurse)
• [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
• [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. #1063
• [JRuby] NodeSet has been rewritten to improve performance! #1795

Fixed

• NodeSet#each now returns self instead of zero. #1822 (@​olehif)
• [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. #1810
• [MRI] Address a memory leak when unparenting a DTD. #1784 (@​stevecheckoway)
• [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. #1820 (@​nobu)
• [JRuby] Decrease large memory usage when making nested XPath queries. #1749
• [JRuby] Fix failing tests on JRuby 9.2.x
• [JRuby] Fix default namespaces in nodes reparented into a different document #1774
• [JRuby] Fix support for Java 9. #1759 (@​Taywee)

Dependencies

• [MRI] Upgrade mini_portile2 dependency from ~> 2.3.0 to ~> 2.4.0

1.8.5 / 2018-10-04

Security

... (truncated)

Commits

• db26a04 limit test of libxml-specific DocumentFragment#dup behavior
• 2e15c88 version bump to v1.9.1
• e9ac292 Fix XML::DocumentFragment to return an instance of callee's class
• ab40787 correct CHANGELOG
• fff550c version bump to v1.9.0
• 8d9a65b Merge branch '1719-stevecrozz-decrease-gem-size'
• dd19ddd update CHANGELOG
• 985b9fc add .hoerc containing excludes
• b61b34c Make builds minimal
• 9bb0226 remove hacks preventing jruby from using racc and rexical
• Additional commits viewable in compare view

Updates rack from 1.6.4 to 1.6.13

Commits

• 47a1fd7 bump version
• b8dc520 Handle case where session id key is requested but it is missing
• 698a060 Merge pull request #1462 from jeremyevans/sessionid-to_s
• de902e4 Merge branch '1-6-sec' into 1-6-stable
• b7d6546 Bump version
• d3e2f88 making diff smaller
• 99a8a87 fix memcache tests on 1.6
• f2cb48e fix tests on 1.6
• 7ff635c Introduce a new base class to avoid breaking when upgrading
• 3232f93 Add a version prefix to the private id to make easier to migrate old values
• Additional commits viewable in compare view

Updates rmagick from 2.15.4 to 2.16.0

Changelog

Sourced from rmagick's changelog.

RMagick 2.16.0

• Support ImageMagick 6.9+ - @​ZipoKing

Commits

• See full diff in compare view

Updates yard from 0.8.7.6 to 0.9.35

Release notes

Sourced from yard's releases.

Release v0.9.35

• Fix possible XSS on generated YARD frameset pages (thanks to @​RedYetiDev for finding and patching) (2069e2b).
• Fix errors when using @option on non-method objects (#1508)
• Support Ruby 3.3 changes in Ripper parser (#1510)

Release v0.9.34

• Add changelog to yard.gemspec
• Fix fork behavior in yard server --fork

Release v0.9.33

• Ensure .yardopts is present in gem package (internal YARD documentation change)

Release v0.9.32

• Fix issue with custom Rack::Request attributes in yard server

Release v0.9.31

• Remove dependency on webrick in YARD::Server::Commands::StaticFileHelpers

Release v0.9.30

• Hot release fix to correct issue with gem packaging missing templates (#1490)

Release v0.9.29

• Enable table support for CommonMarker (#1443)
• Parser performance improvements (#1452, #1453, #1454, #1455)
• Fix autoload of RipperParser (#1460)
• Remove dependency on webrick for better Ruby 3.1+ support
• Improvements for mixin resolution (#1467, #1468)

Release v0.9.28

• Safe load config YAML files (#1385)
• Handle empty string constants (#1415)
• Pre-emptively support removal of Object#taint in Ruby 3.2 (#1419)
• Fix Ruby 3.1 forward args Ripper change (#1431)

... (truncated)

Changelog

Sourced from yard's changelog.

0.9.35 - February 28th, 2024

• Fix possible XSS on generated YARD frameset pages (thanks to @​RedYetiDev for finding and patching) (2069e2b).
• Fix errors when using @option on non-method objects (#1508)
• Support Ruby 3.3 changes in Ripper parser (#1510)

0.9.34 - April 12nd, 2023

• Add changelog to yard.gemspec
• Fix fork behavior in yard server --fork

0.9.33 - April 11st, 2023

• Ensure .yardopts is present in gem package (internal YARD documentation change)

0.9.32 - April 9th, 2023

• Fix issue with custom Rack::Request attributes in yard server

0.9.31 - April 9th, 2023

• Remove dependency on webrick in YARD::Server::Commands::StaticFileHelpers

0.9.30 - April 9th, 2023

• Hot release fix to correct issue with gem packaging missing templates (#1490)

0.9.29 - April 8th, 2023

• Enable table support for CommonMarker (#1443)
• Parser performance improvements (#1452, #1453, #1454, #1455)
• Fix autoload of RipperParser (#1460)
• Remove dependency on webrick for better Ruby 3.1+ support
• Improvements for mixin resolution (#1467, #1468)

[0.9.28] - June 1st, 2022

... (truncated)

Commits

• ebf5005 Tag release v0.9.35
• 62e18b4 Prepare changelog
• 78836c4 Update changelog
• 2069e2b Merge pull request from GHSA-8mq4-9jjh-9xrc
• d78fc39 Update frames.erb
• 2d197a3 Merge pull request #1508 from ksss/non-method-option
• 3a64f88 Fix error when @option with non-method
• abcba4b Merge pull request #1510 from MSP-Greg/00-ruby3.3-bom
• a3b9c37 Merge pull request #1511 from lsegal/dependabot/github_actions/actions/checko...
• bd1d8c6 Bump actions/checkout from 3 to 4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #6.