🚨 [security] Update nokogiri: 1.6.6.2 → 1.10.4 (minor)

[depfu]

---

Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!

---

---

🚨 Your version of nokogiri has known security vulnerabilities 🚨

Advisory: CVE-2019-5477
Disclosed: August 11, 2019
URL: https://github.com/sparklemotion/nokogiri/issues/1915

Nokogiri Command Injection Vulnerability

🚨 We recommend to merge and deploy this update as soon as possible! 🚨

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

↗️ nokogiri (indirect, 1.6.6.2 → 1.10.4) · Repo · Changelog

Release Notes

1.10.3

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

1.10.2

1.10.2 / 2019-03-24

Security

• [MRI] Remove support from vendored libxml2 for future script macros. [#1871]
• [MRI] Remove support from vendored libxml2 for server-side includes within attributes. [#1877]

Bug fixes

• [JRuby] Fix node ownership in duplicated documents. [#1060]
• [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)

1.10.1

1.10.1 / 2019-01-13

Features

• [MRI] During installation, handle Xcode 10's new library pathOS. [#1801, #1851] (Thanks, @mlj and @deepj!)
• Avoid unnecessary creation of Procs in many methods. [#1776] (Thanks, @chopraanmol1!)

Bug fixes

• CSS selector :has() now correctly matches against any descendant. Previously this selector matched against only direct children). [#350] (Thanks, @Phrogz!)
• NodeSet#attr now returns nil if it's empty. Previously this raised a NoMethodError.
• [MRI] XPath errors are no longer suppressed during XSLT::Stylesheet#transform. Previously these errors were suppressed which led to silent failures and a subsequent segfault. [#1802]

1.10.0

1.10.0 / 2019-01-04

Features

• [MRI] Cross-built Windows gems now support Ruby 2.6 [#1842, #1850]

Backwards incompatibilities

This release ends support for:

• Ruby 2.2, for which official support ended on 2018-03-31 [#1841]
• JRuby 1.7, for which official support ended on 2017-11-21 [#1741]

Dependencies

• [MRI] libxml2 is updated from 2.9.8 to 2.9.9
• [MRI] libxslt is updated from 1.1.32 to 1.1.33

1.9.1

1.9.1 / 2018-12-17

Bug fixes

• Fix a bug introduced in v1.9.0 where XML::DocumentFragment#dup no longer returned an instance of the callee's class, instead always returning an XML::DocumentFragment. This notably broke any subclass of XML::DocumentFragment including HTML::DocumentFragment as well as the Loofah gem's Loofah::HTML::DocumentFragment. [#1846]

1.9.0

1.9.0 / 2018-12-17

Security Notes

• [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [#1831] (Thanks @grajagandev for reporting.)

Notable non-functional changes

• Decrease installation size by removing many unneeded files (e.g., /test) from the packaged gems. [#1719] (Thanks, @stevecrozz!)

Features

• XML::Attr#value= allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [#1800]
• Introduce XML::Node#wrap which does what XML::NodeSet#wrap has always done, but for a single node. [#1531] (Thanks, @ethirajsrinivasan!)
• [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, #1813] (Thanks, @gpakosz and @nurse!)
• [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
• [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. [#1063]
• [JRuby] NodeSet has been rewritten to improve performance! [#1795]

Bug fixes

• NodeSet#each now returns self instead of zero. [#1822] (Thanks, @olehif!)
• [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. [#1810]
• [MRI] Address a memory leak when unparenting a DTD. [#1784] (Thanks, @stevecheckoway!)
• [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. [#1820] (Thanks, @nobu!)
• [JRuby] Decrease large memory usage when making nested XPath queries. [#1749]
• [JRuby] Fix failing tests on JRuby 9.2.x
• [JRuby] Fix default namespaces in nodes reparented into a different document [#1774]
• [JRuby] Fix support for Java 9. [#1759] (Thanks, @Taywee!)

Dependencies

• [MRI] Upgrade mini_portile2 dependency from ~> 2.3.0 to ~> 2.4.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

✳️ jquery-rails (4.0.4 → 4.0.5) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 11 commits:

• Release 4.0.5
• Upgrade jquery-ujs to 1.1.0
• Merge pull request #194 from nicolasleger/patch-1
• Merge pull request #195 from nicolasleger/patch-2
• Merge pull request #199 from benpickles/3-1-3-changelog
• Include details of 3.1.3 release.
• Merge pull request #198 from takiy33/patch-1
• Remove rubyforge_project option
• Merge pull request #196 from attritionorg/patch-1
• update copyright
• Merge branch '4-0-3-sec'

↗️ arel (indirect, 6.0.2 → 6.0.4) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 11 commits:

• Release 6.0.4
• Merge pull request #439 from koic/backport-integer
• Support for unified Integer class in Ruby 2.4+
• Merge pull request #381 from carsonreinke/function_order
• Use bundled gems
• Run with Ruby 2.2
• Improve travis configuration
• Fix tests
• Release 6.0.3
• Merge pull request #361 from evgenim/master
• Merge pull request #377 from Eric-Guo/master

↗️ builder (indirect, 3.2.2 → 3.2.3) · Repo · Changelog

↗️ globalid (indirect, 0.3.5 → 0.4.2) · Repo · Changelog

Release Notes

0.4.2

• Allow configuration in initialisers 3c8f909

• Clear to_global_id memoization on dup #109

• Adds hash equality #108

Commits: v0.4.1...v0.4.2

0.4.1

• Fix occasional error while trying to deserialize arguments: "uninitialized constant GlobalID::Locator"

  Yuji Yaginuma (#102)

0.4.0

• Generate URL-safe SGIDs by default.

  Goerge Claghorn (#98)

• Bump Rails support to 4.2 and above.

  #98 required the ActiveSupport::MessageVerifier from Active Support 4.2 to work.

  Kasper Timm Hansen

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ i18n (indirect, 0.7.0 → 0.9.5) · Repo · Changelog

Release Notes

0.9.5

• #404 reported a regression in 0.9.3, which wasn't fixed by 0.9.4. #408 fixes this issue.

Thanks @wjordan!

0.9.4

• Fixed a regression with chained backends introduced in v0.9.3 (#402) - #405 - bug report / #407 - PR to fix
• Optimize Backend::Simple#available_locales - reports are that this is now 4x faster than previously - #406

0.9.3

(For those wondering where v0.9.2 went: I got busy after I pushed the commit for the release, so there was no gem release that day. I am not busy today, so here is v0.9.3 in its stead. This changelog contains changes from v0.9.1 -> v0.9.3)

• I18n no longer stores translations for unavailable locales. #391.
• Added the ability to interpolate with arrays #395.
• Documentation for lambda has been corrected. #396
• I18n will use oj -- a faster JSON library -- but only if it is available. #398
• Fixed an issue with translate and default: [false] as an option. #399
• Fixed an issue with translate with nil and empty keys. #400
• Fix issue with disabled subtrees and pluralization for KeyValue backend #402

Thank you to @stereobooster, @fatkodima and @lulalala for the patches that went towards this release. We appreciate your efforts!

0.9.1

• Reverted Hash#slice behaviour introduced with #250 - See #390.
• Fixed a regression caused by #387, where translations may have returned a not-helpful error message - See #389

0.9.0

• Made Backend::Memoize threadsafe. See #51 and #352.
• Added a middleware I18n::Middleware that should be used to ensure that i18n config is reset correctly between requests. See #381 and #382.

0.8.6

Fixed a small regression introduced in v0.8.5 when using fallbacks - See #378

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ json (indirect, 1.8.3 → 1.8.6) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 31 commits:

• Try to be compatible with ruby 1.8
• Update gemspecs
• Stop testing on 1.8, it might work though
• Travis don't know how to build these rubies
• Fix conversion crash on 1.9
• Require ruby version 2.0 or better
• Reduce supported ruby versions
• Test newer rubies
• Use 2.3.1 for testing
• Merge RUBY_INTEGER_UNIFICATION changes
• Make it interactive
• Easy diffing
• Use ~> 2.0 test-unit that runs on 1.8 rubies as well
• Only test main 2.2 branch
• Move dependencies into gemspec files
• Check for existence of #to_json method before call
• Avoid system stack error
• Remove permutation dependency
• Be gone…
• Attempt to switch jruby into 2.0 mode
• Add 2.3.0 for travis teting
• Add missing tests
• Call OBJECT_HANDLER for objects without #to_json
• Correct CHANGES
• Convert README to markdown
• Fix some links
• Skip 1.8.4
• Add 2.2.3 explicitely
• Remove sdoc and upgrade dependencies
• Bump version to 1.8.4 and add to CHANGES
• Remove remnants of GPL licenses

↗️ loofah (indirect, 2.0.2 → 2.2.3) · Repo · Changelog

Release Notes

2.2.3

Notably, this release addresses CVE-2018-16468.

2.2.2

2.2.2 / 2018-03-22

Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!,
which was previously a private method. This is so that downstream gems
(like rails-html-sanitizer) can use this logic directly for their own
attribute scrubbers should they need to address CVE-2018-8048.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mail (indirect, 2.6.3 → 2.7.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mime-types (indirect, 2.6.1 → 2.99.3) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 22 commits:

• Remove SimpleCov for 2.99.3 and later
• mime-types 2.99.3: data release (#122)
• mime-types 2.99.2: data release (#119)
• mime-types 2.99.1: data update
• Update History doc for 2.99
• Updated data file for mime-types 2.99 release
• Merge pull request #110 from mime-types/mime-types-2.99
• mime-types 2.99
• Really protect against Ruby 2.0 gems
• Fix coverage report for Ruby 2.0 or higher
• Add a code of conduct
• Change to fivemat output
• Finalizing for release of 2.6.2.
• Updated MIME type definitions for 2.6.2.
• IANA parser: Do not include xref data when missing
• Merge pull request #105 from JuanitoFatas/doc/readme
• Merge pull request #109 from mattbeedle/fix-typo
• Fix typo in MIME::Type::Columnar
• Merge pull request #108 from losadaem/107-each-with-object
• 'each_with_object' passes the given object as last argument.
• Correct anchor for rdoc [ci skip]
• Fix a section link in README.rdoc [ci skip]

↗️ minitest (indirect, 5.7.0 → 5.11.3) · Repo · Changelog

↗️ rack (indirect, 1.6.4 → 1.6.11) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 29 commits:

• Bumping version for release
• Whitelist http/https schemes
• Merge pull request #1296 from tomelm/fix-prefers-plaintext
• Bump version for release
• Merge pull request #1249 from mclark/handle-invalid-method-parameters
• handle failure to upcase invalid strings
• Stick with a passing version of Rubygems and bundler
• bump version for release
• Merge pull request #1237 from eileencodes/backport-1137
• Backport pull request #1137 from unabridged/fix-eof-failure
• bump version
• Merge pull request #1170 from rack/1-8-fix
• Merge pull request #1169 from eileencodes/fix-mistake-in-encoding-change
• Ruby 1.8 doesn't know about encodings
• Fix mistake in encoding change
• Bump rack version for release
• Ensure env values are ASCII 8BIT encoded
• Bump Rack version for release
• Merge pull request #1115 from Shopify/fix-multipart-parsing-with-null-byte
• Merge pull request #1158 from marshall-lee/1-6-stable-backport-2f8b710
• Merge pull request #1080 from sophiedeziel/master
• bumping version
• Use Mutex instead of Thread.exclusive for reloader
• CI: Refresh and repair builds
• Validate the SameSite cookie option
• Merge pull request #1037 from mastahyeti/backport_same_site_cookies
• first-party cookies are now same-site cookies
• First-Party cookies, another line of CSRF defense
• fix 1.8 backwards compat

↗️ rails-dom-testing (indirect, 1.0.6 → 1.0.9) · Repo

Commits

See the full diff on Github. The new version differs by 19 commits:

• Bump gem version to prep for release
• Merge pull request #70 from Tonkpils/frozen-selector-string-fix
• Dup selector string when extracting in case it's frozen
• Fix jruby on travis
• "2.3" seems too fuzzy
• Current rails 4.2 doesn't support ruby 2.4 and 2.5
• CI against ruby 2.3
• nokogiri 1.7 requires ruby version >= 2.1.0
• It's because bundler is too old that bundler tries to bundle AS 5.0.0.rc2
• This tries to bundle activesupport 5.0.0.rc2 where we actually need 4.2.x
• Release 1.0.8
• Allow Nokogiri 1.7
• Release 1.0.7
• Merge pull request #37 from aar0nr/readme-fixes
• Fix Nokogiri documentation links in README
• Merge pull request #36 from tgxworld/fix_incorrect_spelling
• Move `CountDescribable` into `Rails::Dom::Testing::Assertions::SelectorAssertions`.
• Fix incorrect spelling.
• Dont set @html_document to not collide with ActionDispatch

↗️ rails-html-sanitizer (indirect, 1.0.2 → 1.2.0) · Repo · Changelog

Release Notes

1.2.0

• Remove needless white_list_sanitizer deprecation.

  By deprecating this, we were forcing Rails 5.2 to be updated or spew
  deprecations that users could do nothing about.

  That's pointless and I'm sorry for adding that!

  Now there's no deprecation warning and Rails 5.2 works out of the box, while
  Rails 6 can use the updated naming.

  Kasper Timm Hansen

1.1.0

• Add safe_list_sanitizer and deprecate white_list_sanitizer to be removed
  in 1.2.0. #87

  Juanito Fatas

• Remove href from LinkScrubber's tags as it's not an element.
  #92

  Juanito Fatas

• Explain that we don't need to bump Loofah here if there's CVEs.
  d4d823c

  Kasper Timm Hansen

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 53 commits:

• Prepare 1.2.0
• Remove needless white list sanitizer deprecations
• Merge pull request #96 from olleolleolle/patch-1
• CI: Drop unused sudo: false Travis directive
• Merge pull request #95 from rwojnarowski/patch-1
• Deprecated warning text, missing space
• Prepare version 1.1.0
• Merge pull request #91 from JuanitoFatas/doc/scrubbers
• Merge pull request #92 from JuanitoFatas/link-sanitizer
• Improve LinkSanitizer's documentation
• href is not a HTML element
• Improve Scrubber documentations
• Merge pull request #87 from JuanitoFatas/migrate-to-safelist
• Migrate to SafeListSanitizer
• Merge pull request #90 from JuanitoFatas/jf.fix-tests
• Update test behavior for Nokogiri > 1.9.1.
• Merge pull request #89 from JuanitoFatas/rubies
• Merge pull request #88 from JuanitoFatas/jf.relax-bundler-dependency
• Update Ruby version matrix on CI
• Use a inclusive Bundler version
• Merge pull request #86 from tebs/fix-documentation-link
• Fix Nokogiri link in documentation
• [ci skip] Please don't send more PRs trying to bump Loofah.
• Merge pull request #71 from nicolasleger/patch-1
• [CI] Allow failure with ruby head
• [CI] Test against Ruby 2.5
• Prepare to 1.0.4 release
• Make sure we address CVE-2018-8048
• Remove rbx since it doesn't seem to install.
• Merge pull request #66 from fschwahn/improve-tests
• Fix deprecation warning from Minitest
• Make tests pass again with recent nokogiri versions
• Rename test to better reflect what is actually tested
• typos
• We're still testing against ruby 1.9 and 2.0 that aren't supported by nokogiri 1.7
• activesupport 5 doesn't support ruby < 2.2.2 that are still tested in this repo
• bundle with the newest released bundler
• Test against newer released rubies
• [ci skip] Remove faulty overrides in scrubber example.
• [ci skip] Change override method in PermitScrubber.
• Merge pull request #47 from pvalena/patch-1
• Correct license filename
• bumping version
• convert CDATA nodes to TEXT nodes to avoid XSS issues
• Do not unescape already escaped HTML entities
• Define a less permissive list of tags and attributes
• Use the image hack name instead of the index
• Merge pull request #43 from maclover7/contributing
• Add CONTRIBUTING.md [ci skip]
• Merge pull request #40 from yui-knk/refactor/permit
• Refactor TargetScrubber
• Merge pull request #36 from JuanitoFatas/fix/gemspec
• Fix homepage uri in gemspec.

↗️ rake (indirect, 10.4.2 → 12.3.3) · Repo · Changelog

Release Notes

12.3.3 (from changelog)

Bug fixes

• Use the application's name in error message if a task is not found. Pull Request #303 by tmatilai

Enhancements:

• Use File.open explicitly.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ sprockets (indirect, 3.2.0 → 3.7.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ sprockets-rails (indirect, 2.3.2 → 3.2.1) · Repo · Changelog

Release Notes

3.2.1

• Fix load error with ActionView::Helpers. [#383]

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ thor (indirect, 0.19.1 → 0.20.3) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ thread_safe (indirect, 0.3.5 → 0.3.6) · Repo

Commits

See the full diff on Github. The new version differs by 20 commits:

• Bump version to 0.3.6
• Merge pull request #29 from nomoon/integer_unification
• Better comparison
• Fix Ruby 2.4 Integer unification deprecation error and get tests/CI functioning again.
• Merge pull request #26 from keithrbennett/add-concurrent-ruby-note-to-readme
• Modify README.md to explain that this code has been moved into the concurrent-ruby gem.
• Merge pull request #20 from dzjuck/remove_1_8
• Merge pull request #18 from dzjuck/flunk_to_fail
• Merge pull request #17 from dzjuck/cache_values_spec
• Remove code related to Ruby 1.8
• Call fail instead flunk
• Add Cache#values spec
• Merge pull request #15 from dzjuck/rspec_tests
• Rewrite tests from minitest to rspec
• Merge pull request #14 from ktdreyer/minitest-reporter-optional
• tests: make minitest-reporters optional
• Merge pull request #13 from ktdreyer/simplecov-optional
• Merge pull request #12 from ktdreyer/gemspec-summary-description
• tests: make simplecov/coveralls optional
• gemspec: switch summary and description

↗️ tzinfo (indirect, 1.2.2 → 1.2.5) · Repo · Changelog

Release Notes

1.2.5

• Support recursively (deep) freezing Country and Timezone instances. #80.
• Allow negative daylight savings time offsets to be derived when reading from zoneinfo files. The utc_offset and std_offset are now derived correctly for Europe/Dublin in the 2018a and 2018b releases of the Time Zone Database.

TZInfo v1.2.5 on RubyGems.org

1.2.4

• Ignore the leapseconds file that is included in zoneinfo directories installed with version 2017c and later of the Time Zone Database.

TZInfo v1.2.4 on RubyGems.org

1.2.3

• Reduce the number of String objects allocated when loading zoneinfo files. #54.
• Make Timezone#friendly_identifier compatible with frozen string literals.
• Improve the algorithm for deriving the utc_offset from zoneinfo files. This now correctly handles Pacific/Apia switching from one side of the International Date Line to the other whilst observing daylight savings time. #66.
• Fix an UnknownTimezone exception when calling transitions_up_to or offsets_up_to on a TimezoneProxy instance obtained from Timezone.get_proxy.
• Allow the Factory zone to be obtained from the Zoneinfo data source.
• Ignore the /usr/share/zoneinfo/timeconfig symlink included in Slackware distributions. #64.
• Fix Timezone#strftime handling of %Z expansion when %Z is prefixed with more than one percent. #31.
• Support expansion of %z, %:z, %::z and %:::z to the UTC offset of the time zone in Timezone#strftime. #31 and #67.

TZInfo v1.2.3 on RubyGems.org

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 47 commits:

• Preparing v1.2.5.
• Update copyright years.
• Use Ruby 1.8 compatible syntax.
• Document that utc_offset and std_offset may be inaccurate with zoneinfo.
• Allow zoneinfo offset derivation to pick a negative std_offset.
• Don't store lazily-evaluated results if the object has been frozen.
• Remove unnecessary calls to Country.get in tests.
• Restore $SAFE after running a safe mode test (if possible).
• Disable Minitest's use of external diff tools during safe mode tests.
• Add Ruby 2.5.0 and update to the latest Ruby, JRuby and Rbx releases.
• Replace expired gem signing certificate.
• Preparing v1.2.4.
• Update bundler before installing gems.
• Use the Trusty build environment.
• Update to Ruby 2.2.8, 2.3.5, 2.4.2, JRuby 1.7.27, 9.1.13.0 and rbx 3.86.
• Ignore the leapseconds file included in v2017c+ zoneinfo directories.
• Preparing v1.2.3.
• Add releases from the 0.3 branch.
• Fix Markdown syntax error.
• Update to Ruby 2.4.1.
• Test strftime %z support with DateTime and Time as well as Integer.
• Fix handling of strftime('%::::z') on Ruby 1.8.7 on Windows.
• Add deprecation warnings to documentation for methods removed in v2.0.0.
• Document changes to strftime %z support in v2.0.0.
• Improve documentation for Timezone#strftime.
• replace %z like %Z
• fix %Z replacing with many percents
• Handle permission denied errors when creating symlinks.
• Ignore the timeconfig symlink included on Slackware.
• Don't exclude the Factory zone in ZoneinfoDataSource.
• Fix TimezoneProxy UnknownTimezone exception.
• use a more concise syntax and avoid unnecessary objects
• Remove jruby-19mode.
• Update copyright years.
• Remove :rbx section.
• Test on Ruby versions supported in v1.2.x.
• Disable test when Encoding is not available (Ruby < 1.9).
• Rename the first_offset variable to indicate that it contains an index.
• Add a test for invalid zoneinfo files with no offsets.
• Improved algorithm for deriving the utc_offset for zoneinfo files.
• Don't return binary Strings in Timezone#friendly_identifier.
• Compatibility with Ruby 2.3's frozen string literals.
• freeze some strings that are created regularly
• Support changes to tar execution in Rake 10.4.
• Update to the latest version of gem-public_cert.pem from master.
• Update to the latest version of .travis.yml from master.
• Replace expired gem signing certificate.

🆕 concurrent-ruby (added, 1.1.5)

🆕 crass (added, 1.0.4)

🆕 mini_mime (added, 1.0.2)

🆕 mini_portile2 (added, 2.4.0)

🗑️ mini_portile (removed)

---

👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

• Circle CI, Semaphore and Travis-CI are all excellent options.
• If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github.
• If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with depfu/.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[depfu]

Closed in favor of #36.