ssa/bitmagnet
1
0
Fork 0
Code Issues Pull requests 4 Projects Releases Packages Wiki Activity Actions

Bump the bundler group across 1 directory with 3 updates #3

Open
dependabot[bot] wants to merge 1 commit from dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9 into main
pull from: dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
merge into: ssa:main
Conversation 0 Commits 1 Files changed 1 +6 -6
dependabot[bot] commented 2026-04-08 10:32:14 +00:00 (Migrated from github.com)
Copy link

Bumps the bundler group with 3 updates in the /bitmagnet.io directory: addressable, nokogiri and rexml.

Updates addressable from 2.8.7 to 2.9.0

Changelog

Sourced from addressable's changelog.

Addressable 2.9.0

  • fixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete remediation in 2.8.10)

Addressable 2.8.10

  • fixes ReDoS vulnerability in Addressable::Template#match

Addressable 2.8.9

  • Reduce gem size by excluding test files (#569)
  • No need for bundler as development dependency (#571, 5fc1d93)
  • idna/pure: stop building the useless COMPOSITION_TABLE (removes the Addressable::IDNA::COMPOSITION_TABLE constant) (#564)

#569: sporkmonger/addressable#569 #571: sporkmonger/addressable#571 #564: sporkmonger/addressable#564

Addressable 2.8.8

  • Replace the unicode.data blob by a ruby constant (#561)
  • Allow public_suffix 7 (#558)

#561: sporkmonger/addressable#561 #558: sporkmonger/addressable#558

Commits
  • 0c3e858 Revving version and changelog
  • 91915c1 Fixing additional vulnerable paths
  • a091e39 Add many more adversarial test cases to ensure we don't have any ReDoS regres...
  • 463a819 Regenerate gemspec on newer rubygems
  • 0afcb0b Improve from O(n^2) to O(n)
  • c87f768 Fix a ReDoS vulnerability in URI template matching
  • 0d7e9b2 Fix links for 2.8.9 in CHANGELOG (#573)
  • e209120 Update version, gemspec, and CHANGELOG for 2.8.9 (#572)
  • 3875874 Reduce gem size by excluding test files (#569)
  • 3e57cc6 CI: back to windows-2022 for MRI job
  • Additional commits viewable in compare view

Updates nokogiri from 1.16.7 to 1.19.1

Release notes

Sourced from nokogiri's releases.

v1.19.1 / 2026-02-16

Security

  • [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.
cfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem
1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem
0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem
3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem
dfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem
1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem
110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem
7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem
1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem
4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem
598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem
eb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem
572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem
23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem
0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem
5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem
05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem
1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem
f482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem
1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem
e304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.19.1 / 2026-02-16

Security

  • [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

v1.18.10 / 2025-09-15

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
  • [CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

v1.18.9 / 2025-07-20

Security

  • [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

v1.18.8 / 2025-04-21

Security

  • [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

v1.18.7 / 2025-03-31

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

... (truncated)

Commits
  • d913045 version bump to v1.19.1
  • b81cb98 doc: update CHANGELOG for upcoming v1.19.1
  • 8e66809 C14n raise on failure (#3600)
  • 5b77f3d Raise RuntimeError when canonicalization fails
  • edc5595 Thank sponsors in the README
  • d4dc245 dep: update rdoc to v7
  • d77bfb6 version bump to v1.19.0
  • 1eb5c2c dev: convert scripts/test-gem-set to use mise
  • 88a120f dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (#3592)
  • f8c8f74 Skip the parser compression test for Windows system libs
  • Additional commits viewable in compare view

Updates rexml from 3.3.9 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

  • Improved performance.

  • Raise appropriate exception when failing to match start tag in DOCTYPE

  • Deprecate accepting array as an element in XPath.match, first and each

    • GH-252
    • Patch by tomoya ishida

  • Don't call needless encoding_updated

    • GH-259
    • Patch by Sutou Kouhei

  • Reuse XPath::match

  • Cache redundant calls for doctype

  • Use Safe Navigation (&.) from Ruby 2.3

  • Remove redundant return statements

  • Added XML declaration check & Source#skip_spaces method

    • GH-282
    • Patch by NAITOH Jun
    • Reported by Sofi Aberegg

Fixes

  • Fix docs typo
    • GH-248
    • Patch by James Coleman

... (truncated)

Changelog

Sourced from rexml's changelog.

3.4.2 - 2025-08-26 {#version-3-4-2}

Improvement

  • Improved performance.

  • Raise appropriate exception when failing to match start tag in DOCTYPE

  • Deprecate accepting array as an element in XPath.match, first and each

    • GH-252
    • Patch by tomoya ishida

  • Don't call needless encoding_updated

    • GH-259
    • Patch by Sutou Kouhei

  • Reuse XPath::match

  • Cache redundant calls for doctype

  • Use Safe Navigation (&.) from Ruby 2.3

  • Remove redundant return statements

  • Added XML declaration check & Source#skip_spaces method

    • GH-282
    • Patch by NAITOH Jun
    • Reported by Sofi Aberegg

Fixes

  • Fix docs typo
    • GH-248
    • Patch by James Coleman

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Bumps the bundler group with 3 updates in the /bitmagnet.io directory: [addressable](https://github.com/sporkmonger/addressable), [nokogiri](https://github.com/sparklemotion/nokogiri) and [rexml](https://github.com/ruby/rexml). Updates `addressable` from 2.8.7 to 2.9.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md">addressable's changelog</a>.</em></p> <blockquote> <h2>Addressable 2.9.0 <!-- raw HTML omitted --></h2> <ul> <li>fixes ReDoS vulnerability in Addressable::Template#match (fixes incomplete remediation in 2.8.10)</li> </ul> <h2>Addressable 2.8.10 <!-- raw HTML omitted --></h2> <ul> <li>fixes ReDoS vulnerability in Addressable::Template#match</li> </ul> <h2>Addressable 2.8.9 <!-- raw HTML omitted --></h2> <ul> <li>Reduce gem size by excluding test files (<a href="https://redirect.github.com/sporkmonger/addressable/issues/569">#569</a>)</li> <li>No need for bundler as development dependency (<a href="https://redirect.github.com/sporkmonger/addressable/issues/571">#571</a>, <a href="https://github.com/sporkmonger/addressable/commit/5fc1d93">5fc1d93</a>)</li> <li>idna/pure: stop building the useless <code>COMPOSITION_TABLE</code> (removes the <code>Addressable::IDNA::COMPOSITION_TABLE</code> constant) (<a href="https://redirect.github.com/sporkmonger/addressable/issues/564">#564</a>)</li> </ul> <p><a href="https://redirect.github.com/sporkmonger/addressable/issues/569">#569</a>: <a href="https://redirect.github.com/sporkmonger/addressable/pull/569">sporkmonger/addressable#569</a> <a href="https://redirect.github.com/sporkmonger/addressable/issues/571">#571</a>: <a href="https://redirect.github.com/sporkmonger/addressable/pull/571">sporkmonger/addressable#571</a> <a href="https://redirect.github.com/sporkmonger/addressable/issues/564">#564</a>: <a href="https://redirect.github.com/sporkmonger/addressable/pull/564">sporkmonger/addressable#564</a></p> <h2>Addressable 2.8.8 <!-- raw HTML omitted --></h2> <ul> <li>Replace the <code>unicode.data</code> blob by a ruby constant (<a href="https://redirect.github.com/sporkmonger/addressable/issues/561">#561</a>)</li> <li>Allow <code>public_suffix</code> 7 (<a href="https://redirect.github.com/sporkmonger/addressable/issues/558">#558</a>)</li> </ul> <p><a href="https://redirect.github.com/sporkmonger/addressable/issues/561">#561</a>: <a href="https://redirect.github.com/sporkmonger/addressable/pull/561">sporkmonger/addressable#561</a> <a href="https://redirect.github.com/sporkmonger/addressable/issues/558">#558</a>: <a href="https://redirect.github.com/sporkmonger/addressable/pull/558">sporkmonger/addressable#558</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sporkmonger/addressable/commit/0c3e8589b23d4402903a9b4e1fdeba4e43c52ca4"><code>0c3e858</code></a> Revving version and changelog</li> <li><a href="https://github.com/sporkmonger/addressable/commit/91915c1f7aafa3e2c9f42e2f4e21d948c7a861b8"><code>91915c1</code></a> Fixing additional vulnerable paths</li> <li><a href="https://github.com/sporkmonger/addressable/commit/a091e39ff02fc321b21dea3a0df585bef2ba3744"><code>a091e39</code></a> Add many more adversarial test cases to ensure we don't have any ReDoS regres...</li> <li><a href="https://github.com/sporkmonger/addressable/commit/463a819665a3b85ce5ce894c90bd7bfa3b9d2e15"><code>463a819</code></a> Regenerate gemspec on newer rubygems</li> <li><a href="https://github.com/sporkmonger/addressable/commit/0afcb0b9672bee301e5e96ed850fec05b2fcabb0"><code>0afcb0b</code></a> Improve from O(n^2) to O(n)</li> <li><a href="https://github.com/sporkmonger/addressable/commit/c87f768f22ab00376ed2f8cb106f59c9d0652d3a"><code>c87f768</code></a> Fix a ReDoS vulnerability in URI template matching</li> <li><a href="https://github.com/sporkmonger/addressable/commit/0d7e9b259fb0940d1a85064b04f678a7984409a5"><code>0d7e9b2</code></a> Fix links for 2.8.9 in CHANGELOG (<a href="https://redirect.github.com/sporkmonger/addressable/issues/573">#573</a>)</li> <li><a href="https://github.com/sporkmonger/addressable/commit/e2091200b31553f19248eb871f071852409796f8"><code>e209120</code></a> Update version, gemspec, and CHANGELOG for 2.8.9 (<a href="https://redirect.github.com/sporkmonger/addressable/issues/572">#572</a>)</li> <li><a href="https://github.com/sporkmonger/addressable/commit/387587492b6536748ed12a11c3fdb44a48885f28"><code>3875874</code></a> Reduce gem size by excluding test files (<a href="https://redirect.github.com/sporkmonger/addressable/issues/569">#569</a>)</li> <li><a href="https://github.com/sporkmonger/addressable/commit/3e57cc6018f94231aabb47fd341acd1b40f1e71a"><code>3e57cc6</code></a> CI: back to <code>windows-2022</code> for MRI job</li> <li>Additional commits viewable in <a href="https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0">compare view</a></li> </ul> </details> <br /> Updates `nokogiri` from 1.16.7 to 1.19.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.19.1 / 2026-02-16</h2> <h3>Security</h3> <ul> <li>[CRuby] Address unchecked return value from <code>xmlC14NExecute</code> which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532">GHSA-wx95-c6cv-8532</a> for more information.</li> </ul> <!-- raw HTML omitted --> <pre><code>cfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32 nokogiri-1.19.1-aarch64-linux-gnu.gem 1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5 nokogiri-1.19.1-aarch64-linux-musl.gem 0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3 nokogiri-1.19.1-arm-linux-gnu.gem 3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d nokogiri-1.19.1-arm-linux-musl.gem dfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e nokogiri-1.19.1-arm64-darwin.gem 1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365 nokogiri-1.19.1-java.gem 110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b nokogiri-1.19.1-x64-mingw-ucrt.gem 7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf nokogiri-1.19.1-x86_64-darwin.gem 1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a nokogiri-1.19.1-x86_64-linux-gnu.gem 4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23 nokogiri-1.19.1-x86_64-linux-musl.gem 598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3 nokogiri-1.19.1.gem </code></pre> <!-- raw HTML omitted --> <h2>v1.19.0 / 2025-12-28</h2> <h4>Ruby</h4> <p>This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.</p> <ul> <li>Introduce native gem support for Ruby 4.0. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3590">#3590</a></li> <li>End support for Ruby 3.1, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2025-03-26</a>.</li> <li>End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).</li> </ul> <!-- raw HTML omitted --> <pre><code>11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767 nokogiri-1.19.0-aarch64-linux-gnu.gem eb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9 nokogiri-1.19.0-aarch64-linux-musl.gem 572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5 nokogiri-1.19.0-arm-linux-gnu.gem 23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c nokogiri-1.19.0-arm-linux-musl.gem 0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810 nokogiri-1.19.0-arm64-darwin.gem 5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3 nokogiri-1.19.0-java.gem 05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b nokogiri-1.19.0-x64-mingw-ucrt.gem 1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067 nokogiri-1.19.0-x86_64-darwin.gem f482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c nokogiri-1.19.0-x86_64-linux-gnu.gem 1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4 nokogiri-1.19.0-x86_64-linux-musl.gem e304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695 nokogiri-1.19.0.gem </code></pre> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.19.1 / 2026-02-16</h2> <h3>Security</h3> <ul> <li>[CRuby] Address unchecked return value from <code>xmlC14NExecute</code> which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532">GHSA-wx95-c6cv-8532</a> for more information.</li> </ul> <h2>v1.19.0 / 2025-12-28</h2> <h4>Ruby</h4> <p>This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.</p> <ul> <li>Introduce native gem support for Ruby 4.0. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3590">#3590</a></li> <li>End support for Ruby 3.1, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2025-03-26</a>.</li> <li>End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).</li> </ul> <h2>v1.18.10 / 2025-09-15</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9">v2.13.9</a>. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.</li> <li>[CRuby] [Windows and MacOS] Vendored libiconv is updated to <a href="https://savannah.gnu.org/news/?id=10703">v1.18</a></li> </ul> <h2>v1.18.9 / 2025-07-20</h2> <h3>Security</h3> <ul> <li>[CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8">GHSA-353f-x4gh-cqq8</a> for more information.</li> </ul> <h2>v1.18.8 / 2025-04-21</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8">v2.13.8</a> to address CVE-2025-32414 and CVE-2025-32415. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc">GHSA-5w6v-399v-w3cc</a> for more information.</li> </ul> <h2>v1.18.7 / 2025-03-31</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.7">v2.13.7</a>, which is a bugfix release.</li> </ul> <h2>v1.18.6 / 2025-03-24</h2> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/d9130457369de8a6efcb764e6da2cb80d5d3b6dd"><code>d913045</code></a> version bump to v1.19.1</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/b81cb9869e8ed7d1785da3363ef490f455da96eb"><code>b81cb98</code></a> doc: update CHANGELOG for upcoming v1.19.1</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/8e668095c6147def4a3ec044df5f2a478c8161c3"><code>8e66809</code></a> C14n raise on failure (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3600">#3600</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/5b77f3d1c48cc09c92d10046c448a0866380eb4a"><code>5b77f3d</code></a> Raise RuntimeError when canonicalization fails</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/edc559565819459d92f6db609f068f50491a57f9"><code>edc5595</code></a> Thank sponsors in the README</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/d4dc245dfafd7ba42538051b0979306c8e5dc6f2"><code>d4dc245</code></a> dep: update rdoc to v7</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/d77bfb66302532b90c0f340ed6b4ae74f275dde8"><code>d77bfb6</code></a> version bump to v1.19.0</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/1eb5c2c035b360fd1195de0b274e901b6e0c12dd"><code>1eb5c2c</code></a> dev: convert scripts/test-gem-set to use mise</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/88a120fd8198cd49b7cbe6388c92cd92d776407d"><code>88a120f</code></a> dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3592">#3592</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/f8c8f74e846ea49d2cb221710cc08618842ba21e"><code>f8c8f74</code></a> Skip the parser compression test for Windows system libs</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.19.1">compare view</a></li> </ul> </details> <br /> Updates `rexml` from 3.3.9 to 3.4.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/releases">rexml's releases</a>.</em></p> <blockquote> <h2>REXML 3.4.2 - 2025-08-26</h2> <h3>Improvement</h3> <ul> <li> <p>Improved performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/244">GH-244</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/245">GH-245</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/246">GH-246</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/249">GH-249</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/256">GH-256</a></li> <li>Patch by NAITOH Jun</li> </ul> </li> <li> <p>Raise appropriate exception when failing to match start tag in DOCTYPE</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/247">GH-247</a></li> <li>Patch by NAITOH Jun</li> </ul> </li> <li> <p>Deprecate accepting array as an element in XPath.match, first and each</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/252">GH-252</a></li> <li>Patch by tomoya ishida</li> </ul> </li> <li> <p>Don't call needless encoding_updated</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/259">GH-259</a></li> <li>Patch by Sutou Kouhei</li> </ul> </li> <li> <p>Reuse XPath::match</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/263">GH-263</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Cache redundant calls for doctype</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/264">GH-264</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Use Safe Navigation (&amp;.) from Ruby 2.3</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/265">GH-265</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Remove redundant return statements</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/266">GH-266</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Added XML declaration check &amp; Source#skip_spaces method</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/282">GH-282</a></li> <li>Patch by NAITOH Jun</li> <li>Reported by Sofi Aberegg</li> </ul> </li> </ul> <h3>Fixes</h3> <ul> <li>Fix docs typo <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/248">GH-248</a></li> <li>Patch by James Coleman</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/ruby/rexml/blob/master/NEWS.md">rexml's changelog</a>.</em></p> <blockquote> <h2>3.4.2 - 2025-08-26 {#version-3-4-2}</h2> <h3>Improvement</h3> <ul> <li> <p>Improved performance.</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/244">GH-244</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/245">GH-245</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/246">GH-246</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/249">GH-249</a></li> <li><a href="https://redirect.github.com/ruby/rexml/issues/256">GH-256</a></li> <li>Patch by NAITOH Jun</li> </ul> </li> <li> <p>Raise appropriate exception when failing to match start tag in DOCTYPE</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/247">GH-247</a></li> <li>Patch by NAITOH Jun</li> </ul> </li> <li> <p>Deprecate accepting array as an element in XPath.match, first and each</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/252">GH-252</a></li> <li>Patch by tomoya ishida</li> </ul> </li> <li> <p>Don't call needless encoding_updated</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/259">GH-259</a></li> <li>Patch by Sutou Kouhei</li> </ul> </li> <li> <p>Reuse XPath::match</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/263">GH-263</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Cache redundant calls for doctype</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/264">GH-264</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Use Safe Navigation (&amp;.) from Ruby 2.3</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/265">GH-265</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Remove redundant return statements</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/266">GH-266</a></li> <li>Patch by pboling</li> </ul> </li> <li> <p>Added XML declaration check &amp; Source#skip_spaces method</p> <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/282">GH-282</a></li> <li>Patch by NAITOH Jun</li> <li>Reported by Sofi Aberegg</li> </ul> </li> </ul> <h3>Fixes</h3> <ul> <li>Fix docs typo <ul> <li><a href="https://redirect.github.com/ruby/rexml/issues/248">GH-248</a></li> <li>Patch by James Coleman</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ruby/rexml/commit/f36916fe1c66b8cdc1fe482263115625e084d8fe"><code>f36916f</code></a> Add 3.4.2 entry (<a href="https://redirect.github.com/ruby/rexml/issues/284">#284</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23"><code>5859bde</code></a> Added XML declaration check &amp; <code>Source#skip_spaces</code> method (<a href="https://redirect.github.com/ruby/rexml/issues/282">#282</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/1d876e3bf658b7b4ec7c3372867521695e8eb023"><code>1d876e3</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/ruby/rexml/issues/283">#283</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/c87bda8bb8773da7e5a0faf9f16ff165eb052a35"><code>c87bda8</code></a> Remove ostruct from dev deps (<a href="https://redirect.github.com/ruby/rexml/issues/281">#281</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/c60ae027a3c20f359fdf76fa41ae64d22313f482"><code>c60ae02</code></a> Remove bundler from dev deps (<a href="https://redirect.github.com/ruby/rexml/issues/277">#277</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/9b084d78708638cedff54743edc0907c4bd6574a"><code>9b084d7</code></a> Fix &amp; Deprecate REXML::Text#text_indent (<a href="https://redirect.github.com/ruby/rexml/issues/275">#275</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/04a589a61bf4e366abee8764ee74b03f4aecc4aa"><code>04a589a</code></a> Fix a bug that XPath can't be used for no document element (<a href="https://redirect.github.com/ruby/rexml/issues/268">#268</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/66232eaf680d0937ae59bea285cdb8e4d3d88a93"><code>66232ea</code></a> Remove redundant return statements (<a href="https://redirect.github.com/ruby/rexml/issues/266">#266</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/63f3e9772595a64b036953f0ab026d2ea5560a3b"><code>63f3e97</code></a> Use Safe Navigation (&amp;.) from Ruby 2.3 (<a href="https://redirect.github.com/ruby/rexml/issues/265">#265</a>)</li> <li><a href="https://github.com/ruby/rexml/commit/d427fc5914fcc17d7247c5ff9099ee38639d6702"><code>d427fc5</code></a> Avoid redundant calls for doctype (<a href="https://redirect.github.com/ruby/rexml/issues/264">#264</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ruby/rexml/compare/v3.3.9...v3.4.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/shafiqalibhai/bitmagnet/network/alerts). </details>
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9:dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git switch dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git switch dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git rebase main
git switch main
git merge --ff-only dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git switch dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git rebase main
git switch main
git merge --no-ff dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git switch main
git merge --squash dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git switch main
git merge --ff-only dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git switch main
git merge dependabot/bundler/bitmagnet.io/bundler-91ab6fc1b9
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug
Something isn't working

  
dependencies
Pull requests that update a dependency file

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
go
Pull requests that update go code

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
javascript
Pull requests that update javascript code

  
question
Further information is requested

  
ruby
Pull requests that update ruby code

  
wontfix
This will not be worked on

No labels
bug
dependencies
documentation
duplicate
enhancement
go
good first issue
help wanted
invalid
javascript
question
ruby
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ssa/bitmagnet!3
No description provided.