build(deps): bump the bundler group across 10 directories with 11 updates

[dependabot]

Bumps the bundler group with 1 update in the /pkgs/applications/misc/coltrane directory: activesupport.
Bumps the bundler group with 3 updates in the /pkgs/applications/misc/gollum directory: rack, rexml and webrick.
Bumps the bundler group with 2 updates in the /pkgs/applications/misc/pt directory: addressable and excon.
Bumps the bundler group with 1 update in the /pkgs/applications/misc/taskjuggler directory: webrick.
Bumps the bundler group with 2 updates in the /pkgs/applications/office/ledger-web directory: rack and sinatra.
Bumps the bundler group with 3 updates in the /pkgs/applications/version-management/bitbucket-server-cli directory: json, addressable and git.
Bumps the bundler group with 4 updates in the /pkgs/applications/version-management/danger-gitlab directory: rexml, addressable, git and httparty.
Bumps the bundler group with 1 update in the /pkgs/applications/version-management/git-fame directory: activesupport.
Bumps the bundler group with 1 update in the /pkgs/by-name/ba/bashly directory: rexml.
Bumps the bundler group with 4 updates in the /pkgs/by-name/pg/pghero directory: activesupport, rack, rexml and addressable.

Updates activesupport from 7.0.4.2 to 7.0.7.1

Release notes

Sourced from activesupport's releases.

7.0.7.1

Active Support

• Use a temporary file for storing unencrypted files while editing

  [CVE-2023-38037]

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

... (truncated)

Commits

• c92caef Preparing for 7.0.7.1 release
• 936587d updating version / changelog
• a21d6ed Use a temporary file for storing unencrypted files while editing
• 522c86f Preparing for 7.0.7 release
• 5610cba Sync CHANGELOG with the changes in the repository
• 7e9ffc2 Fix to_s not using :default format with no args
• a8e88e2 Fix Cache::NullStore with local caching for repeated reads
• b18b9df Merge pull request #48800 from robinjam/fix-humanize-nil
• b12fe80 Fix Enumerable#sum for Enumerator#lazy
• e3f80f6 Add lower bound to Listen gem requirement
• Additional commits viewable in compare view

Updates rack from 3.1.7 to 3.1.8

Changelog

Sourced from rack's changelog.

[3.1.8] - 2024-10-14

Fixed

• Resolve deprecation warnings about uri DEFAULT_PARSER. (#2249, [@​earlopain])

Commits

• 0eabeb7 Bump patch version.
• f4f7103 Resolve deprecation warnings about uri DEFAULT_PARSER (#2242) (#2249)
• See full diff in compare view

Updates rexml from 3.3.2 to 3.3.6

Release notes

Sourced from rexml's releases.

REXML 3.3.6 - 2024-08-22

Improvements

• Removed duplicated entity expansions for performance.

  • GH-194
  • Patch by Viktor Ivarsson.

• Improved namespace conflicted attribute check performance. It was too slow for deep elements.

  • Reported by l33thaxor.

Fixes

• Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.

  • GH-198
  • GH-199
  • Patch Viktor Ivarsson

• Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.

  • GH-191
  • Patch by NAITOH Jun.

• Fixed a stream parser bug that user-defined entity references in text aren't expanded.

  • GH-200
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

• l33thaxor

REXML 3.3.5 - 2024-08-12

Fixes

• Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
  • GH-193
  • GH-195
  • Reported by Viktor Ivarsson.
  • Patch by NAITOH Jun.

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.6 - 2024-08-22 {#version-3-3-6}

Improvements

• Removed duplicated entity expansions for performance.

  • GH-194
  • Patch by Viktor Ivarsson.

• Improved namespace conflicted attribute check performance. It was too slow for deep elements.

  • Reported by l33thaxor.

Fixes

• Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.

  • GH-198
  • GH-199
  • Patch Viktor Ivarsson

• Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.

  • GH-191
  • Patch by NAITOH Jun.

• Fixed a stream parser bug that user-defined entity references in text aren't expanded.

  • GH-200
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

• l33thaxor

3.3.5 - 2024-08-12 {#version-3-3-5}

Fixes

• Fixed a bug that REXML::Security.entity_expansion_text_limit check has wrong text size calculation in SAX and pull parsers.
  • GH-193
  • GH-195
  • Reported by Viktor Ivarsson.
  • Patch by NAITOH Jun.

... (truncated)

Commits

• 95871f3 Add 3.3.6 entry
• 7cb5eae parser tree: improve namespace conflicted attribute check performance
• 6109e01 Fix a bug that Stream parser doesn't expand the user-defined entity reference...
• cb15858 parser: keep the current namespaces instead of stack of Set
• 2b47b16 parser: move duplicated end tag check to BaseParser
• 35e1681 test tree-parser: move common method to base class
• 6e00a14 test: fix indent
• df3a0cc test: fix indent
• fdbffe7 Use loop instead of recursive call for Element#namespace
• 6422fa3 Use loop instead of recursive call for Element#root
• Additional commits viewable in compare view

Updates webrick from 1.8.1 to 1.8.2

Release notes

Sourced from webrick's releases.

v1.8.2

What's Changed

• Drop commented-out line by @​olleolleolle in ruby/webrick#108
• Add Ruby 3.1 & 3.2 to CI matrix by @​tricknotes in ruby/webrick#109
• Fix/redos by @​ooooooo-q in ruby/webrick#114
• Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @​jeremyevans in ruby/webrick#120
• Bump actions/checkout from 3 to 4 by @​dependabot in ruby/webrick#121
• Improve CI by @​hsbt in ruby/webrick#123
• Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @​KJTsanaktsidis in ruby/webrick#128
• Fix bug chunk extension detection by @​jeremyevans in ruby/webrick#125
• Fix CI. by @​ioquatix in ruby/webrick#131
• Merge multiple cookie headers, preserving semantic correctness. by @​ioquatix in ruby/webrick#130
• Test on macos-latest by @​byroot in ruby/webrick#132
• Require CRLF line endings in request line and headers by @​jeremyevans in ruby/webrick#138
• Prefer squigly heredocs. by @​ioquatix in ruby/webrick#143
• Only strip space and horizontal tab in headers by @​jeremyevans in ruby/webrick#141
• Treat missing CRLF separator after headers as an EOFError by @​jeremyevans in ruby/webrick#142
• Return 400 response for chunked requests with unexpected data after chunk by @​jeremyevans in ruby/webrick#136
• Fix reference to URI::REGEXP::PATTERN::HOST by @​casperisfine in ruby/webrick#144
• Prevent request smuggling by @​jeremyevans in ruby/webrick#146

New Contributors

• @​tricknotes made their first contribution in ruby/webrick#109
• @​ooooooo-q made their first contribution in ruby/webrick#114
• @​KJTsanaktsidis made their first contribution in ruby/webrick#128
• @​byroot made their first contribution in ruby/webrick#132
• @​casperisfine made their first contribution in ruby/webrick#144

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

Commits

• 0fb9de6 Bump up v1.8.2
• b9a4c81 Removed trailing spaces
• f5faca9 Prevent request smuggling
• 0c600e1 Fix reference to URI::REGEXP::PATTERN::HOST
• 15a9391 Return 400 response for chunked requests with unexpected data after chunk
• 2b38d56 Treat missing CRLF separator after headers as an EOFError
• e4efb4a Remove unnecessary gsub calls in test_httprequest.rb
• 426e214 Only strip space and horizontal tab in headers
• e72cb69 Prefer squigly heredocs. (#143)
• ee60354 Require CRLF line endings in request line and headers
• Additional commits viewable in compare view

Updates addressable from 2.6.0 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates excon from 0.64.0 to 0.71.0

Changelog

Sourced from excon's changelog.

0.71.0 2019-12-12

fix for leftover data with interrupted persistent connections

0.70.0 2019-12-02

Update bundled certificates

0.69.1 2019-11-21

Fix mistake in proxy connection error handling

0.69.0 2019-11-21

Raise better proxy connection errors

0.68.0 2019-10-25

Updated bundled certs

0.67.0 2019-09-24

Properly redact user/pass info from proxy credentials Update bundled certs

0.66.0 2019-08-06

Add remote_ip to datum, enabling usage in middleware redirect follower now raises after following too many redirects (default 10) fixed stub clearing in tests to avoid race conditions

0.65.0 2019-07-22

fix yardoc formatting fix creating Proc without a block reduce/refine gem file contents update bundled certs readd bundled certs to gem file contents

Commits

• 1149d44 v0.71.0
• ccb57d7 fix for leftover data with interrupted persistent connections
• f8de8cf v0.70.0
• 93f4a21 v0.69.1
• e89bbb7 Merge pull request #709 from jasquat/fix_response_status_check
• 5647437 fixed response status check when making a request with a valid proxy is set
• f769176 v0.69.0
• 20c0748 define ProxyConnectionError
• f44106a raise on failed proxy connect
• d7ed5fe be thorough in unsubscribing to notifications in instrumentation tests
• Additional commits viewable in compare view

Updates webrick from 1.8.1 to 1.8.2

Release notes

Sourced from webrick's releases.

v1.8.2

What's Changed

• Drop commented-out line by @​olleolleolle in ruby/webrick#108
• Add Ruby 3.1 & 3.2 to CI matrix by @​tricknotes in ruby/webrick#109
• Fix/redos by @​ooooooo-q in ruby/webrick#114
• Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @​jeremyevans in ruby/webrick#120
• Bump actions/checkout from 3 to 4 by @​dependabot in ruby/webrick#121
• Improve CI by @​hsbt in ruby/webrick#123
• Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @​KJTsanaktsidis in ruby/webrick#128
• Fix bug chunk extension detection by @​jeremyevans in ruby/webrick#125
• Fix CI. by @​ioquatix in ruby/webrick#131
• Merge multiple cookie headers, preserving semantic correctness. by @​ioquatix in ruby/webrick#130
• Test on macos-latest by @​byroot in ruby/webrick#132
• Require CRLF line endings in request line and headers by @​jeremyevans in ruby/webrick#138
• Prefer squigly heredocs. by @​ioquatix in ruby/webrick#143
• Only strip space and horizontal tab in headers by @​jeremyevans in ruby/webrick#141
• Treat missing CRLF separator after headers as an EOFError by @​jeremyevans in ruby/webrick#142
• Return 400 response for chunked requests with unexpected data after chunk by @​jeremyevans in ruby/webrick#136
• Fix reference to URI::REGEXP::PATTERN::HOST by @​casperisfine in ruby/webrick#144
• Prevent request smuggling by @​jeremyevans in ruby/webrick#146

New Contributors

• @​tricknotes made their first contribution in ruby/webrick#109
• @​ooooooo-q made their first contribution in ruby/webrick#114
• @​KJTsanaktsidis made their first contribution in ruby/webrick#128
• @​byroot made their first contribution in ruby/webrick#132
• @​casperisfine made their first contribution in ruby/webrick#144

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

Commits

• 0fb9de6 Bump up v1.8.2
• b9a4c81 Removed trailing spaces
• f5faca9 Prevent request smuggling
• 0c600e1 Fix reference to URI::REGEXP::PATTERN::HOST
• 15a9391 Return 400 response for chunked requests with unexpected data after chunk
• 2b38d56 Treat missing CRLF separator after headers as an EOFError
• e4efb4a Remove unnecessary gsub calls in test_httprequest.rb
• 426e214 Only strip space and horizontal tab in headers
• e72cb69 Prefer squigly heredocs. (#143)
• ee60354 Require CRLF line endings in request line and headers
• Additional commits viewable in compare view

Updates rack from 2.0.7 to 2.2.8.1

Changelog

Sourced from rack's changelog.

[3.1.8] - 2024-10-14

Fixed

• Resolve deprecation warnings about uri DEFAULT_PARSER. (#2249, [@​earlopain])

Commits

• 0eabeb7 Bump patch version.
• f4f7103 Resolve deprecation warnings about uri DEFAULT_PARSER (#2242) (#2249)
• See full diff in compare view

Updates sinatra from 2.0.5 to 2.2.3

Changelog

Sourced from sinatra's changelog.

2.2.3 / 2022-11-25

• Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai

• Fix: fixed ReDoS for Rack::Protection::IPSpoofing. #1823 by @​ooooooo-q

2.2.2 / 2022-07-23

• Update mustermann dependency to version 2.

2.2.1 / 2022-07-15

• Fix JRuby regression by using ruby2_keywords for delegation. #1750 by Patrik Ragnarsson

• Add JRuby to CI. #1755 by Karol Bucek

2.2.0 / 2022-02-15

• Breaking change: Add #select, #reject and #compact methods to Sinatra::IndifferentHash. If hash keys need to be converted to symbols, call #to_h to get a Hash instance first. #1711 by Olivier Bellone

• Handle EOFError raised by Rack and return Bad Request 400 status. #1743 by tamazon

• Minor refactors in base.rb. #1640 by ceclinux

• Add escaping to the static 404 page. #1645 by Chris Gavin

• Remove detect_rack_handler method. #1652 by ceclinux

• Respect content type set in superclass before filter. Fixes #1647 #1649 by Jordan Owens

• Revert "Use prepend instead of include for helpers. #1662 by namusyaka

• Fix usage of inherited Sinatra::Base classes keyword arguments. Fixes #1669 #1670 by Cadu Ribeiro

• Reduce RDoc generation time by not including every README. Fixes #1578 #1671 by Eloy Pérez

• Add support for per form csrf tokens. Fixes #1616 #1653 by Jordan Owens

• Update MAINTENANCE.md with the stable branch status. #1681 by Fredrik Rubensson

• Validate expanded path matches public_dir when serving static files. #1683 by cji-stripe

• Fix Delegator to pass keyword arguments for Ruby 3.0. #1684 by andrewtblake

• Fix use with keyword arguments for Ruby 3.0. #1701 by Robin Wallin

• Fix memory leaks for proc template. Fixes #1704 #1719 by Slevin

• Remove unnecessary test_files from the gemspec. #1712 by Masataka Pocke Kuwabara

... (truncated)

Commits

• 0bdb254 2.2.3 release
• 43df742 Remove rdoc
• 580b271 fix ReDoS
• 9031a44 Pin haml to v5
• 0455c8e Pin Puma to v5
• 1808bcd escape filename in the Content-Disposition header
• ee12b18 Note potential breaking change in 2.2.0 release
• 9c1ed08 Update CHANGELOG.md
• a2b8243 2.2.2 release
• 6534799 Update mustermann to ~> 2.0
• Additional commits viewable in compare view

Updates json from 2.0.2 to 2.3.0

Release notes

Sourced from json's releases.

v2.3.0

What's Changed

• README: Docs at rubydoc.info, not on rubyforge by @​olleolleolle in flori/json#376
• Remove RubyForge homepage reference by @​olleolleolle in flori/json#378
• Add ascii_only option to JSON::Ext::Generator::State.new. by @​sho-h in flori/json#367
• Gemspec: Drop EOL'd property rubyforge_project by @​olleolleolle in flori/json#381
• Backport ruby core changes by @​hsbt in flori/json#388
• Minor cleanup for ruby 2.7 warnings and failures. by @​zenspider in flori/json#389
• relax test-unit version for old ruby by @​hsbt in flori/json#390
• Bump versions for 2.3.0. by @​headius in flori/json#391

New Contributors

• @​zenspider made their first contribution in flori/json#389

Full Changelog: ruby/json@v2.2.0...v2.3.0

v2.2.0

What's Changed

• Fixed json_create example to use create_additions = true by @​perlun in flori/json#331
• README: Fixed code examples to start in the left-most column by @​perlun in flori/json#330
• Added missing bigdecimal for its test by @​hsbt in flori/json#335
• README: Added note about json/add/exception by @​perlun in flori/json#332
• fix link in travis widget by @​lostapathy in flori/json#340
• [CI] Test against Ruby 2.5 by @​nicolasleger in flori/json#352
• Removed control characters from gemspec. by @​hsbt in flori/json#360
• Fix typos in README.md by @​yui-knk in flori/json#363
• Backport from Ruby core repository by @​hsbt in flori/json#359
• Fix for bigdecimal updates by @​mrkn in flori/json#362
• Fix a typo. by @​sho-h in flori/json#369
• fix JSON::Generator::State#ascii_only? document same as lib/json/pure/generator.rb. by @​sho-h in flori/json#366

New Contributors

• @​lostapathy made their first contribution in flori/json#340
• @​nicolasleger made their first contribution in flori/json#352
• @​yui-knk made their first contribution in flori/json#363

Full Changelog: ruby/json@v2.1.0...v2.2.0

v2.1.0

What's Changed

• README.md typo fix by @​kaworu in flori/json#300
• Correct documentation of OpenStruct.json_create by @​kyanagi in flori/json#301
• No Bignum by @​nobu in flori/json#302
• CHANGES.md: Fixed typo by @​perlun in flori/json#306
• Actually test BigDecimal parsing. by @​xb in flori/json#321
• Back-out change of directory of json-java.gemspec. by @​xb in flori/json#323

New Contributors

• @​kaworu made their first contribution in flori/json#300
• @​kyanagi made their first contribution in flori/json#301

... (truncated)

Changelog

Sourced from json's changelog.

2019-12-11 (2.3.0)

• Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
• Fix passing args all #to_json in json/add/*.
• Fix encoding issues
• Fix issues of keyword vs positional parameter
• Fix JSON::Parser against bigdecimal updates
• Bug fixes to JRuby port

2019-02-21 (2.2.0)

• Adds support for 2.6 BigDecimal and ruby standard library Set datetype.

2017-04-18 (2.1.0)

• Allow passing of decimal_class option to specify a class as which to parse JSON float numbers.

2017-03-23 (2.0.4)

• Raise exception for incomplete unicode surrogates/character escape sequences. This problem was reported by Daniel Gollahon (dgollahon).
• Fix arbitrary heap exposure problem. This problem was reported by Ahmad Sherif (ahmadsherif).

2017-01-12 (2.0.3)

• Set required_ruby_version to 1.9
• Some small fixes

Commits

• 92cf5c4 v2.3.0
• 579ae85 Add some more recent jruby
• acabfeb Make tests green on jruby
• c194360 Update travis config
• 49317c1 Ignore log files
• d84439f Merge pull request #391 from headius/prep_2.3.0
• 38f68d1 Bump versions for 2.3.0.
• 40524a9 Merge pull request #390 from flori/relax-test-unit
• 87379e6 relax test-unit version for old ruby
• 05de02f Merge branch 'zenspider-zenspider/ruby-2.7'
• Additional commits viewable in compare view

Updates addressable from 2.5.0 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates git from 1.3.0 to 1.13.0

Release notes

Sourced from git's releases.

v1.13.0

Full Changelog

• ca8ff35 Release v1.13.0 (#603)
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

Release v1.12.0

Full Changelog

• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• 4a96679 Fix windows build (#591)
• 6f2b3fd Support the --all option for git fetch (#583)
• 1b13ec1 Workaround to get JRuby build working (#582)
• 5f0adec Update README.md (#580)
• 45b467c Make the directory param to Git.clone optional (#578)
• b92130c Make Git::URL.clone_to handle cloning to bare and mirror repos (#577)
• 13471d7 Add Git::URL #parse and #clone_to methods (#575)
• 0a43d8b Use the head version of yard (#573)

Release v1.11.0

Full Changelog

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

Release v1.10.2

Full Changelog

• 57f941c Release v1.10.2
• c987a74 Add create-release, setup, and console dev scripts (#560)
• 12e3d03 Store tempfile objects to prevent deletion during tests (#555)

Release v1.10.1

Full Changelog

• c7b12af Release v1.10.1
• ea28118 Properly escape double quotes in shell commands on Windows (#552)
• db060fc Properly unescape diff paths (#504)
• ea47044 Add Ruby 3.0 to CI build (#547)

... (truncated)

Changelog

Sourced from git's changelog.

v1.13.0 (2022-12-10)

Full Changelog

• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

v1.12.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.12.0

v1.11.0

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

See https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0

v1.10.2

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.2

1.10.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.1

1.10.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.0

1.9.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.1

1.9.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.0

1.8.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.8.1

1.8.0

... (truncated)

Commits

• ca8ff35 Release v1.13.0
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)
• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• Additional commits viewable in compare view

Updates rexml from 3.2.5 to 3.3.6

Release notes

Sourced from rexml's releases.

REXML 3.3.6 - 2024-08-22

Improvements

• Removed duplicated entity expansions for performance.

  • GH-194
  • Patch by Viktor Ivarsson.

• Improved namespace conflicted attribute check performance. It was too slow for deep elements.

  • Reported by l33thaxor.

Fixes

• Fixed a bug that default entity expansions are counted for security check. Default entity expansions should not be counted because they don't have a security risk.

  • GH-198
  • GH-199
  • Patch Viktor Ivarsson

• Fixed a parser bug that parameter entity references in internal subsets are expanded. It's not allowed in the XML specification.

  • GH-191
  • Patch by NAITOH Jun.

• Fixed a stream parser bug that user-defined entity references in text aren't expanded.

  • GH-200
  • Patch by NAITOH Jun.

Thanks

• Viktor Ivarsson

• NAITOH Jun

• l33thaxor

REXML 3.3.5 - 2024-08-12

Fixes

• Fixed a bug that REXML::Security.e...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.