build(deps): bump the bundler group across 7 directories with 10 updates

[dependabot]

Bumps the bundler group with 1 update in the /pkgs/applications/misc/coltrane directory: activesupport.
Bumps the bundler group with 2 updates in the /pkgs/applications/misc/pt directory: addressable and excon.
Bumps the bundler group with 1 update in the /pkgs/applications/misc/taskjuggler directory: webrick.
Bumps the bundler group with 2 updates in the /pkgs/applications/office/ledger-web directory: rack and sinatra.
Bumps the bundler group with 3 updates in the /pkgs/applications/version-management/bitbucket-server-cli directory: json, addressable and git.
Bumps the bundler group with 4 updates in the /pkgs/applications/version-management/danger-gitlab directory: addressable, git, httparty and rexml.
Bumps the bundler group with 1 update in the /pkgs/applications/version-management/git-fame directory: activesupport.

Updates activesupport from 7.0.4.2 to 7.0.7.1

Release notes

Sourced from activesupport's releases.

7.0.7.1

Active Support

• Use a temporary file for storing unencrypted files while editing

  [CVE-2023-38037]

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

... (truncated)

Commits

• c92caef Preparing for 7.0.7.1 release
• 936587d updating version / changelog
• a21d6ed Use a temporary file for storing unencrypted files while editing
• 522c86f Preparing for 7.0.7 release
• 5610cba Sync CHANGELOG with the changes in the repository
• 7e9ffc2 Fix to_s not using :default format with no args
• a8e88e2 Fix Cache::NullStore with local caching for repeated reads
• b18b9df Merge pull request #48800 from robinjam/fix-humanize-nil
• b12fe80 Fix Enumerable#sum for Enumerator#lazy
• e3f80f6 Add lower bound to Listen gem requirement
• Additional commits viewable in compare view

Updates addressable from 2.6.0 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates excon from 0.64.0 to 0.71.0

Changelog

Sourced from excon's changelog.

0.71.0 2019-12-12

fix for leftover data with interrupted persistent connections

0.70.0 2019-12-02

Update bundled certificates

0.69.1 2019-11-21

Fix mistake in proxy connection error handling

0.69.0 2019-11-21

Raise better proxy connection errors

0.68.0 2019-10-25

Updated bundled certs

0.67.0 2019-09-24

Properly redact user/pass info from proxy credentials Update bundled certs

0.66.0 2019-08-06

Add remote_ip to datum, enabling usage in middleware redirect follower now raises after following too many redirects (default 10) fixed stub clearing in tests to avoid race conditions

0.65.0 2019-07-22

fix yardoc formatting fix creating Proc without a block reduce/refine gem file contents update bundled certs readd bundled certs to gem file contents

Commits

• 1149d44 v0.71.0
• ccb57d7 fix for leftover data with interrupted persistent connections
• f8de8cf v0.70.0
• 93f4a21 v0.69.1
• e89bbb7 Merge pull request #709 from jasquat/fix_response_status_check
• 5647437 fixed response status check when making a request with a valid proxy is set
• f769176 v0.69.0
• 20c0748 define ProxyConnectionError
• f44106a raise on failed proxy connect
• d7ed5fe be thorough in unsubscribing to notifications in instrumentation tests
• Additional commits viewable in compare view

Updates webrick from 1.8.1 to 1.8.2

Release notes

Sourced from webrick's releases.

v1.8.2

What's Changed

• Drop commented-out line by @​olleolleolle in ruby/webrick#108
• Add Ruby 3.1 & 3.2 to CI matrix by @​tricknotes in ruby/webrick#109
• Fix/redos by @​ooooooo-q in ruby/webrick#114
• Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @​jeremyevans in ruby/webrick#120
• Bump actions/checkout from 3 to 4 by @​dependabot in ruby/webrick#121
• Improve CI by @​hsbt in ruby/webrick#123
• Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @​KJTsanaktsidis in ruby/webrick#128
• Fix bug chunk extension detection by @​jeremyevans in ruby/webrick#125
• Fix CI. by @​ioquatix in ruby/webrick#131
• Merge multiple cookie headers, preserving semantic correctness. by @​ioquatix in ruby/webrick#130
• Test on macos-latest by @​byroot in ruby/webrick#132
• Require CRLF line endings in request line and headers by @​jeremyevans in ruby/webrick#138
• Prefer squigly heredocs. by @​ioquatix in ruby/webrick#143
• Only strip space and horizontal tab in headers by @​jeremyevans in ruby/webrick#141
• Treat missing CRLF separator after headers as an EOFError by @​jeremyevans in ruby/webrick#142
• Return 400 response for chunked requests with unexpected data after chunk by @​jeremyevans in ruby/webrick#136
• Fix reference to URI::REGEXP::PATTERN::HOST by @​casperisfine in ruby/webrick#144
• Prevent request smuggling by @​jeremyevans in ruby/webrick#146

New Contributors

• @​tricknotes made their first contribution in ruby/webrick#109
• @​ooooooo-q made their first contribution in ruby/webrick#114
• @​KJTsanaktsidis made their first contribution in ruby/webrick#128
• @​byroot made their first contribution in ruby/webrick#132
• @​casperisfine made their first contribution in ruby/webrick#144

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

Commits

• 0fb9de6 Bump up v1.8.2
• b9a4c81 Removed trailing spaces
• f5faca9 Prevent request smuggling
• 0c600e1 Fix reference to URI::REGEXP::PATTERN::HOST
• 15a9391 Return 400 response for chunked requests with unexpected data after chunk
• 2b38d56 Treat missing CRLF separator after headers as an EOFError
• e4efb4a Remove unnecessary gsub calls in test_httprequest.rb
• 426e214 Only strip space and horizontal tab in headers
• e72cb69 Prefer squigly heredocs. (#143)
• ee60354 Require CRLF line endings in request line and headers
• Additional commits viewable in compare view

Updates rack from 2.0.7 to 2.2.8.1

Release notes

Sourced from rack's releases.

v2.2.8.1

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]
• Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
• Reject Range headers which are too large [CVE-2024-26141]

Full Changelog: rack/rack@v2.2.8...v2.2.8.1

v2.2.8

What's Changed

• Limit file extension length of multipart tempfiles (2.2 backport) by @​dentarg in rack/rack#2075
• CHANGELOG: Add missing 2.2.7 by @​tisba in rack/rack#2081
• Update cookie.rb by @​dchandekstark in rack/rack#2092
• Prefer ubuntu-latest for testing. by @​ioquatix in rack/rack#2095
• Fix inefficient assert pattern in Rack::Lint [2-2-stable] by @​skipkayhil in rack/rack#2101
• Regenerate SPEC [2-2-stable] by @​skipkayhil in rack/rack#2102

New Contributors

• @​tisba made their first contribution in rack/rack#2081
• @​dchandekstark made their first contribution in rack/rack#2092

Full Changelog: rack/rack@v2.2.7...v2.2.8

v2.2.7

What's Changed

• Correct the year number in the changelog by @​kimulab in rack/rack#2015
• Support underscore in host names for Rack 2.2 (Fixes #2070) by @​jeremyevans in rack/rack#2071

New Contributors

• @​kimulab made their first contribution in rack/rack#2015

Full Changelog: rack/rack@v2.2.6.4...v2.2.7

v2.2.6.4

No release notes provided.

v2.1.4.4

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]

Full Changelog: rack/rack@v2.1.4.3...v2.1.4.4

v2.0.9.4

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]

Full Changelog: rack/rack@v2.0.9.3...v2.0.9.4

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

Added

• Introduce Rack::VERSION constant. (#2199, [@​ioquatix])

Changed

• Invalid cookie keys will now raise an error. (#2193, [@​ioquatix])
• Rack::MediaType#params now handles empty strings. (#2229, [@​jeremyevans])

Deprecated

• Rack::Auth::AbstractRequest#request is deprecated without replacement. (#2229, [@​jeremyevans])
• Rack::Request#parse_multipart (private method designed to be overridden in subclasses) is deprecated without replacement. (#2229, [@​jeremyevans])

Removed

• Rack::Request#values_at is removed. (#2200, [@​ioquatix])
• Rack::Logger is removed with no replacement. (#2196, [@​ioquatix])
• Automatic cache invalidation in Rack::Request#{GET,POST} has been removed. (#2230, [@​jeremyevans])

Fixed

• Rack::RewindableInput::Middleware no longer wraps a nil input. (#2259, @​tt)

[3.1.8] - 2024-10-14

Fixed

• Resolve deprecation warnings about uri DEFAULT_PARSER. (#2249, [@​earlopain])

[3.1.7] - 2024-07-11

Fixed

• Do not remove escaped opening/closing quotes for content-disposition filenames. (#2229, [@​jeremyevans])
• Fix encoding setting for non-binary IO-like objects in MockRequest#env_for. (#2227, [@​jeremyevans])
• Rack::Response should not generate invalid content-length header. (#2219, [@​ioquatix])
• Allow empty PATH_INFO. (#2214, [@​ioquatix])

[3.1.6] - 2024-07-03

Fixed

• Fix several edge cases in Rack::Request#parse_http_accept_header's implementation. (#2226, [@​ioquatix])

... (truncated)

Commits

• e830011 bump version
• d9c163a Avoid 2nd degree polynomial regexp in MediaType
• 6245768 Return an empty array when ranges are too large
• e4c1177 Fixing ReDoS in header parsing
• f169ff7 Bump patch version.
• 0a46487 Regenerate SPEC (#2102)
• cee73b3 Fix inefficient assert pattern in Rack::Lint (#2101)
• 1fdcf1f Prefer ubuntu-latest for testing. (#2095)
• 287fe43 Update cookie.rb (#2092)
• e7f4869 adds missing 2.2.7 to CHANGELOG.md (#2081)
• Additional commits viewable in compare view

Updates sinatra from 2.0.5 to 4.1.0

Changelog

Sourced from sinatra's changelog.

4.1.0 / 2024-11-18

• New: Add host_authorization setting (#2053)
  • Defaults to .localhost, .test and any IP address in development mode.
  • Security: addresses CVE-2024-21510.
• Fix: Return an instance of Sinatra::IndifferentHash when calling #except (#2044)
• Fix: Address warning from URI for Ruby 3.4 (#2060)
• Fix: rackup no longer depends on WEBrick, recommend Puma instead (4a558503)
• Fix: Zeitwerk 2.7.0+ compatibility (#2050)
• Fix: Address warning about Hash construction for Ruby 3.4 (#2028)
• Fix: Declare missing dependencies for Ruby 3.5 (#2032)
• Fix: Compatibility with --enable-frozen-string-literal (#2033)
• Fix: Rack 3.1 compatibility (#2035)
  • Don't depend on Rack::Logger
  • Don't delete content-length header when Rack::Files is used

4.0.0. / 2024-01-19

• New: Add support for Rack 3 (#1857)

  • Note: you may want to read the [Rack 3 Upgrade Guide]

• Require Ruby 2.7.8 as minimum Ruby version (#1993)

• Breaking change: Drop support for Rack 2 (#1857)

  • Note: when using Sinatra to start the web server, you now need the rackup gem installed

• Breaking change: Remove the IndifferentHash initializer (#1982)

• Breaking change: Disable session_hijacking protection by default (#1984)

• Breaking change: Remove Rack::Protection::EncryptedCookie (#1989)

  • Note: cookies are still encrypted (by [Rack::Session::Cookie])

#1857: sinatra/sinatra#1857 #1993: sinatra/sinatra#1993 #1982: sinatra/sinatra#1982 #1984: sinatra/sinatra#1984 #1989: sinatra/sinatra#1989 [Rack::Session::Cookie]: https://github.com/rack/rack-session [Rack 3 Upgrade Guide]: https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md

3.2.0 / 2023-12-29

• New: Add #except method to Sinatra::IndifferentHash (#1940)

• New: Use Exception#detailed_message to show backtrace (#1952)

• New: Add Sinatra::HamlHelpers to sinatra-contrib (#1960)

• Fix: Add base64 to rack-protection runtime dependencies (#1946)

... (truncated)

Commits

• 73f3291 4.1.0 release (#2063)
• cd3e00d Add HostAuthorization rack-protection middleware (#2053)
• 8c4cd0b Return an instance of Sinatra::IndifferentHash when calling #except (#2044)
• 3c888f7 Address URI depreciation (#2060)
• 0d33ef8 CI: don't test falcon on Ruby 2.7
• 4a55850 Remove WEBrick
• 955682e CI: unset RUBYOPT for JRuby jobs
• 2d0b347 Support Zeitwerk 2.7.0+ (#2050)
• 6569ff8 Revert "CI: document the console gem issue"
• 77df658 CI: document the console gem issue
• Additional commits viewable in compare view

Updates json from 2.0.2 to 2.3.0

Release notes

Sourced from json's releases.

v2.3.0

What's Changed

• README: Docs at rubydoc.info, not on rubyforge by @​olleolleolle in flori/json#376
• Remove RubyForge homepage reference by @​olleolleolle in flori/json#378
• Add ascii_only option to JSON::Ext::Generator::State.new. by @​sho-h in flori/json#367
• Gemspec: Drop EOL'd property rubyforge_project by @​olleolleolle in flori/json#381
• Backport ruby core changes by @​hsbt in flori/json#388
• Minor cleanup for ruby 2.7 warnings and failures. by @​zenspider in flori/json#389
• relax test-unit version for old ruby by @​hsbt in flori/json#390
• Bump versions for 2.3.0. by @​headius in flori/json#391

New Contributors

• @​zenspider made their first contribution in flori/json#389

Full Changelog: ruby/json@v2.2.0...v2.3.0

v2.2.0

What's Changed

• Fixed json_create example to use create_additions = true by @​perlun in flori/json#331
• README: Fixed code examples to start in the left-most column by @​perlun in flori/json#330
• Added missing bigdecimal for its test by @​hsbt in flori/json#335
• README: Added note about json/add/exception by @​perlun in flori/json#332
• fix link in travis widget by @​lostapathy in flori/json#340
• [CI] Test against Ruby 2.5 by @​nicolasleger in flori/json#352
• Removed control characters from gemspec. by @​hsbt in flori/json#360
• Fix typos in README.md by @​yui-knk in flori/json#363
• Backport from Ruby core repository by @​hsbt in flori/json#359
• Fix for bigdecimal updates by @​mrkn in flori/json#362
• Fix a typo. by @​sho-h in flori/json#369
• fix JSON::Generator::State#ascii_only? document same as lib/json/pure/generator.rb. by @​sho-h in flori/json#366

New Contributors

• @​lostapathy made their first contribution in flori/json#340
• @​nicolasleger made their first contribution in flori/json#352
• @​yui-knk made their first contribution in flori/json#363

Full Changelog: ruby/json@v2.1.0...v2.2.0

v2.1.0

What's Changed

• README.md typo fix by @​kaworu in flori/json#300
• Correct documentation of OpenStruct.json_create by @​kyanagi in flori/json#301
• No Bignum by @​nobu in flori/json#302
• CHANGES.md: Fixed typo by @​perlun in flori/json#306
• Actually test BigDecimal parsing. by @​xb in flori/json#321
• Back-out change of directory of json-java.gemspec. by @​xb in flori/json#323

New Contributors

• @​kaworu made their first contribution in flori/json#300
• @​kyanagi made their first contribution in flori/json#301

... (truncated)

Changelog

Sourced from json's changelog.

2019-12-11 (2.3.0)

• Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
• Fix passing args all #to_json in json/add/*.
• Fix encoding issues
• Fix issues of keyword vs positional parameter
• Fix JSON::Parser against bigdecimal updates
• Bug fixes to JRuby port

2019-02-21 (2.2.0)

• Adds support for 2.6 BigDecimal and ruby standard library Set datetype.

2017-04-18 (2.1.0)

• Allow passing of decimal_class option to specify a class as which to parse JSON float numbers.

2017-03-23 (2.0.4)

• Raise exception for incomplete unicode surrogates/character escape sequences. This problem was reported by Daniel Gollahon (dgollahon).
• Fix arbitrary heap exposure problem. This problem was reported by Ahmad Sherif (ahmadsherif).

2017-01-12 (2.0.3)

• Set required_ruby_version to 1.9
• Some small fixes

Commits

• 92cf5c4 v2.3.0
• 579ae85 Add some more recent jruby
• acabfeb Make tests green on jruby
• c194360 Update travis config
• 49317c1 Ignore log files
• d84439f Merge pull request #391 from headius/prep_2.3.0
• 38f68d1 Bump versions for 2.3.0.
• 40524a9 Merge pull request #390 from flori/relax-test-unit
• 87379e6 relax test-unit version for old ruby
• 05de02f Merge branch 'zenspider-zenspider/ruby-2.7'
• Additional commits viewable in compare view

Updates addressable from 2.5.0 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates git from 1.3.0 to 1.13.0

Release notes

Sourced from git's releases.

v1.13.0

Full Changelog

• ca8ff35 Release v1.13.0 (#603)
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

Release v1.12.0

Full Changelog

• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• 4a96679 Fix windows build (#591)
• 6f2b3fd Support the --all option for git fetch (#583)
• 1b13ec1 Workaround to get JRuby build working (#582)
• 5f0adec Update README.md (#580)
• 45b467c Make the directory param to Git.clone optional (#578)
• b92130c Make Git::URL.clone_to handle cloning to bare and mirror repos (#577)
• 13471d7 Add Git::URL #parse and #clone_to methods (#575)
• 0a43d8b Use the head version of yard (#573)

Release v1.11.0

Full Changelog

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

Release v1.10.2

Full Changelog

• 57f941c Release v1.10.2
• c987a74 Add create-release, setup, and console dev scripts (#560)
• 12e3d03 Store tempfile objects to prevent deletion during tests (#555)

Release v1.10.1

Full Changelog

• c7b12af Release v1.10.1
• ea28118 Properly escape double quotes in shell commands on Windows (#552)
• db060fc Properly unescape diff paths (#504)
• ea47044 Add Ruby 3.0 to CI build (#547)

... (truncated)

Changelog

Sourced from git's changelog.

v1.13.0 (2022-12-10)

Full Changelog

• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

v1.12.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.12.0

v1.11.0

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
• 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
• c04d16e remove from maintainer (#567)
• 291ca09 Address command line injection in Git::Lib#fetch
• 521b8e7 Release v1.10.2 (#561)

See https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0

v1.10.2

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.2

1.10.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.1

1.10.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.0

1.9.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.1

1.9.0

See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.0

1.8.1

See https://github.com/ruby-git/ruby-git/releases/tag/v1.8.1

1.8.0

... (truncated)

Commits

• ca8ff35 Release v1.13.0
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)
• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• Additional commits viewable in compare view

Updates addressable from 2.8.0 to 2.8.7

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates git from 1.9.1 to 1.13.0

Release notes

Sourced from git's releases.

v1.13.0

Full Changelog

• ca8ff35 Release v1.13.0 (#603)
• 8349224 Update list of maintainers (#598)
• 4fe8738 In ls-files do not unescape file paths with eval (#602)
• 74b8e11 Add start_point option for checkout command (#597)
• ff6dcf4 Do not assume the default branch is 'master' in tests
• 8279298 Fix exception when Git is autoloaded (#594)

Release v1.12.0

Full Changelog

• ea79dad Release v1.12.0
• e58cd29 Support the commit --no-gpg-sign flag (#589)
• 323383b Use yard gem version 0.9.8 or later instead of HEAD from GitHub (#592)
• 609ab8b Allow the CI build to be run manually using the GitHub interface (#590)
• 4a96679 Fix windows build (#591)
• 6f2b3fd Support the --all option for git fetch (#583)
• 1b13ec1 Workaround to get JRuby build working (#582)
• 5f0adec Update README.md (#580)
• 45b467c Make the directory param to Git.clone optional (#578)
• b92130c Make Git::URL.clone_to handle cloning to bare and mirror repos (#577)
• 13471d7 Add Git::URL #parse and #clone_to methods (#575)
• 0a43d8b Use the head version of yard (#573)

Release v1.11.0

Full Changelog

• 292087e Supress unneeded test output (#570)
• 19dfe5e Add s...

  Description has been truncated

[dependabot]

Dependabot couldn't find any dependency files in the directory. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot couldn't find any dependency files in the directory. Because of this, Dependabot cannot update this pull request.