🚨 [security] [ruby] Update rails 6.1.7.7 → 6.1.7.8 (patch)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rails (6.1.7.7 → 6.1.7.8) · Repo

Release Notes

6.1.7.8

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Include the HTTP Permissions-Policy on non-HTML Content-Types
  [CVE-2024-28103]

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• No changes.

Railties

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ sprockets (3.7.3 → 3.7.5) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actioncable (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionmailbox (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

↗️ actionmailer (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionpack (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Security Advisories 🚨

🚨 Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type

The application configurable Permissions-Policy is only served on responses
with an HTML related Content-Type.

This has been assigned the CVE identifier CVE-2024-28103.

Versions Affected: >= 6.1.0
Not affected: < 6.1.0
Fixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4

Impact

Responses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.

Releases

The fixed releases are available at the normal locations.

Workarounds

N/A

Patches

To aid users who aren't able to upgrade immediately we have provided patches for
the supported release series in accordance with our
maintenance policy
regarding security issues. They are in git-am format and consist of a
single changeset.

• 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series
• 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series
• 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series

Credits

Thank you shinkbr for reporting this!

Release Notes

6.1.7.8 (from changelog)

• Include the HTTP Permissions-Policy on non-HTML Content-Types [CVE-2024-28103]

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actiontext (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ actionview (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activejob (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activemodel (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activerecord (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activestorage (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ activesupport (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ builder (indirect, 3.2.4 → 3.3.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ erubi (indirect, 1.12.0 → 1.13.0) · Repo · Changelog

Release Notes

1.13.0 (from changelog)

* Define Erubi.h as a module function (jeremyevans)

Add erubi/capture_block, supporting capturing block output via standard <%= and <%== tags (jeremyevans)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ method_source (indirect, 1.0.0 → 1.1.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mini_portile2 (indirect, 2.8.5 → 2.8.7) · Repo · Changelog

Release Notes

2.8.7

2.8.7 / 2024-05-31

Added

• When setting the C compiler through the MiniPortile constructor, the preferred keyword argument is now :cc_command. The original :gcc_command is still supported. (#144 by @flavorjones)
• Add support for extracting xz-compressed tarballs on OpenBSD. (#141 by @postmodern)
• Add OpenBSD support to the experimental method MakeMakefile#mkmf_config. (#141 by @flavorjones)

Changed

• MiniPortileCMake now detects the C and C++ compiler the same way MiniPortile does: by examining environment variables, then using kwargs, then looking in RbConfig (in that order). (#144 by @flavorjones)
• GPG file verification error messages are captured in the raised exception. Previously these errors went to stderr. (#145 by @flavorjones)

2.8.6

2.8.6 / 2024-04-14

Added

• When using CMake on FreeBSD, default to clang's "cc" and "c++" compilers. (#139 by @mudge)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ net-imap (indirect, 0.4.10 → 0.5.0) · Repo

Release Notes

0.5.0

What's Changed

Breaking Changes

• 💥 Drop ruby 2.7 and 3.0 support, and require ruby 3.1 by @nevans in #276
• 💥⚡ Simplify header-fld-name parser (backward incompatible) by @nevans in #216
  For example, HEADER.FIELDS(Content-Type) or HEADER.FIELDS("Content-Type") are semantically identical, and a server may choose to return the quoted version.
  • Before this change, the FetchData attr header name would be quoted if the server sent the field name quoted.
  • After this change, the header field names will always be unquoted by the parser, so the result will always available via fetch_data.header_fields("Content-Type") or fetch_data.attr_upcase["HEADER.FIELDS(CONTENT-TYPE)"].
• 💥 Replace MessageSet with SequenceSet by @nevans in #282
  Most of the changes are bugfixes or allow something new to work that didn't work before. See the PR for more details.
  This affects #search, #uid_search, #sort, #uid_sort, #fetch, #uid_fetch, #store, #uid_store, #copy, #uid_copy, #move, #uid_move, and #uid_expunge.
• 💥 SequenceSet input validation for Set, Array, and enumerables by @nevans in #319
  • Array inputs can still be deeply nested.
  • Set inputs can only contain integers and "*" or :*, to be consistent with SequenceSet#to_set.
  • Other Enumerables will only be converted if they implement #to_sequence_set.
• 🔥 Remove deprecated #client_thread attr_reader by @nevans in #321
  #client_thread was deprecated by v0.4.0.
• 🔥 Drop deprecated BodyType structs by @nevans in #323
  These structs were deprecated by v0.4.0.

Added

• ✨ Add #extract_responses method by @nevans in #330 Also backported to v0.4.17.
• ✨ New config option to return frozen dup from #responses by @nevans in #334 Also backported to v0.4.17.
• 🥅 Improve SequenceSet frozen errors by @nevans in #331 Also backported to v0.4.17.
• 📚 SequenceSet API is considered stable now by @nevans in #318
• 🔒 Enforce LOGINDISABLED requirement by @nevans in #307
  To workaround buggy servers, config.enforce_logindisabled can be set to :when_capabilities_cached or false.
• 🔒 SASL DIGEST-MD5: realm, host, service_name, etc by @nevans in #284
  Please note that the DIGEST-MD5 SASL mechanism is insecure and deprecated.

Deprecations

• 🔊 Warn about deprecated #responses usage by @nevans in #97
  To silence these warnings:
  • pass a block to #responses (supported since v0.4.0),
  • pass a response type to #responses for a frozen copied array (since v0.4.17),
  • set config.responses_without_block to :silence_deprecation_warning (since v0.4.13),
  • set config.responses_without_block to :frozen_dup for a frozen copy (since v0.4.17),
  • use #clear_responses instead (since v0.4.0),
  • use #extract_responses instead (since v0.4.17).
• 🗑️ Deprecate MessageSet by @nevans in #282
  MessageSet was only intended for internal use, and all internal usage has been replaced.

Fixed

• 🐛 Fix #send_data to send DateTime as time by @taku0 in #313
  Also backported to v0.4.15.
• 🐛 Fix #header_fld_name to handle quoted strings correctly by @taku0 in #315
  Also backported to v0.4.16.
• 🐛 Fix SequenceSet[input] when input is a SequenceSet by @nevans in #326
  Also backported to v0.4.17.
• 🐛 Fix Set inputs for SequenceSet by @nevans in #332
  This bug was introduced by #319, which had not been previously released.

Other Changes

• 🔧 Update default config for v0.5 by @nevans in #305
• ♻️ Use Integer.try_convert (new in ruby 3.1+) by @nevans in #316
• 🗑️ Add category: :deprecated to calls to warn by @nevans in #322
• ♻️ Extract SASL::Authenticators#normalize_name by @nevans in #309
• 🔒 📚 Improvements and docs for SASL::ClientAdapter by @nevans in #320
• ♻️ Use SASL::ClientAdapter by @nevans in #194

Documentation

• 📚 Update Config rdoc for v0.5 by @nevans in #306
• 📚 Update SASL documentation by @nevans in #308
• 📚 SequenceSet API is considered stable now by @nevans in #318
• 🔒 📚 Improvements and docs for SASL::ClientAdapter by @nevans in #320

Miscellaneous

• ✅ Add a Mutex to FakeServer (for tests only) by @nevans in #317
  Also backported to v0.4.17.
• ⬆️ Bump step-security/harden-runner from 2.8.1 to 2.9.0 by @dependabot in #311
• ⬆️ Bump step-security/harden-runner from 2.9.0 to 2.9.1 by @dependabot in #312
• Bump step-security/harden-runner from 2.9.1 to 2.10.1 by @dependabot in #325
• 🔨📚 Fix rdoc => ghpages workflow by @nevans in #335
• ✅ Fix GH action for rubygems Trusted Publishing by @nevans in #340
  Also backported to v0.4.17.
• ✅ Setup simplecov by @nevans in #328

New Contributors

• @taku0 made their first contribution in #313

Full Changelog: v0.4.14...v0.5.0
(Note that v0.4.x releases since v0.4.14 have used the v0.4-stable branch.)

0.4.17

What's Changed

Added features

• ✨ Add #extract_responses method by @nevans in #337 (backports #330)
• ✨ New config option to return frozen dup from #responses by @nevans in #339 (backports #334)
  This will become the default in v0.6.0.

Bug fixes

• 🐛 Fix SequenceSet[input] when input is a SequenceSet by @nevans in #327 (backports #326)

Other Changes

• 🥅 Improve SequenceSet frozen errors by @nevans in #338 (backports #331)

Miscellaneous

• ✅ Add a Mutex to FakeServer (for tests only) by @nevans in #336 (backports #317)
• ✅ Fix GH action for Rubygems Trusted Publishing by @nevans in #341 (backports #340)

Full Changelog: v0.4.16...v0.4.17

0.4.16

What's Changed

Fixed

• 🐛 Fix #header_fld_name to handle quoted strings correctly by @taku0 in #315

Full Changelog: v0.4.15...v0.4.16

0.4.15

What's Changed

Fixed

• 🐛 Fix #send_data to send DateTime as time by @taku0 in #313

New Contributors

• @taku0 made their first contribution in #313

Full Changelog: v0.4.14...v0.4.15

0.4.14

What's Changed

Added

• ✨ Add Config methods: #to_h, #update, and #with by @nevans in #300
• 🔧 Add versioned defaults by @nevans in #302
• 🔧 Add Config#load_defaults by @nevans in #301

Fixed

• 🐛 Fix Config#clone to clone internal data struct by @nevans in #303
• 🔇 Fix ruby 2.7 warnings by @nevans in #304

Full Changelog: v0.4.13...v0.4.14

0.4.13

What's Changed

✨ Added features

• 🔧 Add Config class for debug, open_timeout, and idle_response_timeout by @nevans in #291
  • Net::IMAP.config for global configuration. This enables global defaults for previously client-local configuration:
    • open_timeout
    • idle_response_timeout
  • config keyword parameters for Net::IMAP.new
  • Net::IMAP#config for client configuration. This enables client-local overrides of previously global configuration:
    • debug
  • ♻️ Minor Config class tidy up by @nevans in #295
• 🔧 Add config option for sasl_ir by @nevans in #294
• 🔊 Add config option for responses_without_block by @nevans in #293

📖 Documentation

• 📖 Improve #idle and #idle_done rdoc by @nevans in #290
• 📚 Update rdoc for Config and related updates by @nevans in #297
• 📚 Improve rdoc for Net::IMAP.new ssl: params by @nevans in #298
• 📚 Improve Config class rdoc by @nevans in #296

🛠️ Other changes

• 📦 Don't keep .github, .gitignore, .mailmap in gem by @nevans in #299
• ⬆️ Bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #292

Full Changelog: v0.4.12...v0.4.13

0.4.12

What's Changed

• 📚 Fix many rdoc spelling mistakes by @nevans in #279
• 📦 Update workflow with configure_trusted_publisher by @nevans in #280
• 🔍 Simplify handling of ResponseParser test failures by @nevans in #281
• ⬆️ Bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #289
• Clarify the license of net-imap by @shugo in #275

Full Changelog: v0.4.11...v0.4.12

0.4.11

What's Changed

Server workarounds

• Consider extra empty space in BODYSTRUCTURE by @gaynetdinov in #271

Miscellaneous

• 🐛 Fix parser benchmarks generation by @nevans in #266
• ✅ Add basic test for SEARCH / UID SEARCH command by @nevans in #267
• 📧 Update gem email address and git mailmap by @nevans in #264
• ✅ Update Github test workflow name by @nevans in #268
• ⬆️ Bump actions/configure-pages from 4 to 5 by @dependabot in #270
• 🔧🔒 Configure RubyGems Trusted Publishing by @nevans in #265

New Contributors

• @gaynetdinov made their first contribution in #271

Full Changelog: v0.4.10...v0.4.11

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.16.3 → 1.16.7) · Repo · Changelog

Security Advisories 🚨

🚨 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Summary

Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6.

libxml2 v2.12.7 addresses CVE-2024-34459:

• described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
• patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53

Impact

There is no impact to Nokogiri users because the issue is present only in libxml2's xmllint tool which Nokogiri does not provide or expose.

Timeline

• 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
• 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
• 2024-05-13 10:05 EDT, nokogiri v1.16.5 is released and this GHSA made public

Release Notes

1.16.7

v1.16.7 / 2024-07-27

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.9, which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.

---

sha256 checksums:

78778d35f165b59513be31c0fe232c63a82cf97626ffba695b5f822e5da1d74b  nokogiri-1.16.7-aarch64-linux.gem
c84cdb9e3aa44c35bbb981b20175838c4b2066c26c5cb118f31f177168a42fc3  nokogiri-1.16.7-arm-linux.gem
276dcea1b988a5b22b5acc1ba901d24b8e908c40b71dccd5d54a2ae279480dad  nokogiri-1.16.7-arm64-darwin.gem
044c45ca46abc2b6135a85ab39a546ff2f0434d43142bc59b83e5b1068876a42  nokogiri-1.16.7-java.gem
01ed785392f9cbdfd45e0e5ef6ad6d2c80a6128672589448f18952168bd68e56  nokogiri-1.16.7-x64-mingw-ucrt.gem
d8fd5c675743b85354c9098117bfa9e703c7cacab8c33e5190104ea8218ad1ec  nokogiri-1.16.7-x64-mingw32.gem
dddbf1c1ef99ce9fab98302b14f8bacb703e6f16e89b99f05ecee8a1fca23664  nokogiri-1.16.7-x86-linux.gem
b6517d995b024739cbb81251a26866d40e1ccb151936b5bb0977e7487f4e617c  nokogiri-1.16.7-x86-mingw32.gem
630732b80fc572690eab50c73a1f18988f3ac401ed0b67ca9956ba2b1e2c3faa  nokogiri-1.16.7-x86_64-darwin.gem
9e1e428641d5942af877c60b418c71163560e9feb4a5c4015f3230a8b86a40f6  nokogiri-1.16.7-x86_64-linux.gem
f819cbfdfb0a7b19c9c52c6f2ca63df0e58a6125f4f139707b586b9511d7fe95  nokogiri-1.16.7.gem

1.16.6

v1.16.6 / 2024-06-13

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.8, which the release notes state is a bugfix release.

---

sha256 checksums:

7f4c37ee2dd9c97fdfb6278cf3d9dd2078651f241eed320e26902135dbf78183  nokogiri-1.16.6-aarch64-linux.gem
73d7a7ca569308f181a234269e6607c9acb26ecc93ccbb05998d24a9546c0a94  nokogiri-1.16.6-arm-linux.gem
43e8a783697c65413408a4923b5c2ed6bea6632cfdab4da220446b601733fa4b  nokogiri-1.16.6-arm64-darwin.gem
993ec13a1f0fb2261913e62e1f7a662c77108b1a59c903033eac432f74437275  nokogiri-1.16.6-java.gem
285687f16c330a9b61793d9d45913becf7a9aa82b0ce15c48fc1e0d6c6c9972f  nokogiri-1.16.6-x64-mingw-ucrt.gem
dbbefbfabe363daaa90e7c0b15854769e17ee5b8ae243014e0e55c01047eb5cd  nokogiri-1.16.6-x64-mingw32.gem
dedac3ee38b4deed1141747f04dd5ac512ef9165259cec66ec934edaa8a2a848  nokogiri-1.16.6-x86-linux.gem
5080e9512e3ba320aef074c16a23aef737301ac0e3b7a173a299dcaaa40b6a20  nokogiri-1.16.6-x86-mingw32.gem
92fa413d866baf9b609f17558ecfbcf950d5373213babcf4ce11d7eaed4b21cf  nokogiri-1.16.6-x86_64-darwin.gem
769bd2c14ad76dd5a7e14c867741cf2e3b8c25626a34f40aee7b0b998b8de820  nokogiri-1.16.6-x86_64-linux.gem
935fe4dd67d4377f4a05002acb1ffbadbcae265ea8e7869fc40e3a8121f3e1ef  nokogiri-1.16.6.gem

1.16.5

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

1.16.4

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
62c116c3a14b4ed4e1faec786da266c4bd4c717a0bd04a9916164a7046040f45  nokogiri-1.16.4.gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack (indirect, 2.2.9 → 2.2.10) · Repo · Changelog

Release Notes

2.2.10 (from changelog)

• Fix compatibility issues with Ruby v3.4.0. (#2248, @byroot)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ railties (indirect, 6.1.7.7 → 6.1.7.8) · Repo · Changelog

Release Notes

6.1.7.8 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ sprockets-rails (indirect, 3.4.2 → 3.5.2) · Repo · Changelog

Release Notes

3.5.2

What's Changed

• Fix deprecations with Rails 8.0 by @rafaelfranca in #535

New Contributors

• @fynsta made their first contribution in #530

Full Changelog: v3.5.1...v3.5.2

3.5.1

What's Changed

• Handle the gem being loaded via sprockets/railtie rather than the expected sprockets/rails entrypoint. by @mamhoff in #525

New Contributors

• @mamhoff made their first contribution in #525

Full Changelog: v3.5.0...v3.5.1

3.5.0

What's Changed

• Add useful message for logger silence error by @rossta in #381
• Use a dedicated ActiveSupport::Deprecation for Rails 7.2 compatibility by @etiennebarrie in #517
• Dropped support for Rails versions older than 6.1

New Contributors

• @markrmullan made their first contribution in #502
• @rossta made their first contribution in #381
• @yahonda made their first contribution in #509
• @skipkayhil made their first contribution in #510
• @etiennebarrie made their first contribution in #517
• @byroot made their first contribution in #523

Full Changelog: v3.4.2...v3.5.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ thor (indirect, 1.3.1 → 1.3.2) · Repo · Changelog

Release Notes

1.3.2

What's Changed

• Fix a few typos in README by @duffuniverse in #880
• Correctly identify hyphenated and alias command names by @takmar in #878

New Contributors

• @duffuniverse made their first contribution in #880

Full Changelog: v1.3.1...v1.3.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ zeitwerk (indirect, 2.7.0 → 2.7.1) · Repo · Changelog

Release Notes

2.7.1 (from changelog)

• Micro-optimization in a hot path.

• Raises Zeitwerk::Error if an autoloaded constant expected to represent a namespace does not store a class or module object.

• Adds truffleruby-head to CI, except for autoloading thread-safety (see why in oracle/truffleruby#2431).

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)