Update web-console: 3.5.1 → 3.7.0 (minor)

[depfu]

We've updated a dependency and here is what you need to know:

name	version specification	old version	new version
web-console	>= 3.3.0	3.5.1	3.7.0

Additionally, the update changed a few other dependencies as well:

action	name	old version	new version
updated	crass	1.0.3	1.0.4
updated	erubi	1.7.0	1.7.1
updated	i18n	0.9.1	0.9.5
updated	loofah	2.1.1	2.2.2
updated	minitest	5.10.3	5.11.3
updated	nokogiri	1.8.1	1.8.4
updated	rack	2.0.3	2.0.5
updated	rack-test	0.7.1	1.1.0
updated	rails-html-sanitizer	1.0.3	1.0.4
updated	rake	12.3.0	12.3.1
updated	tzinfo	1.2.4	1.2.5

You should probably take a good look at the info here and the test results before merging this pull request, of course.

What changed?

✳️ web-console (3.5.1 → 3.7.0) · Repo · Changelog

Release Notes

3.7.0

• #263 Show binding changes (@causztic)
• #258 Support Ctrl-A, Ctrl-W and Ctrl-U (@gsamokovarov)
• #257 Always try to keep the console underneath the website content (@gsamokovarov)

3.6.1

• #252 Fix improper injection in Rack bodies like ActionDispatch::Response::RackBody (@gsamokovarov)

Commits

See the full diff on Github. The new version differs by 48 commits:

• Release 3.7.0
• Drop the bundle warning about insecure git sources
• Show binding changes (#263)
• How to prevent unavailable session on Passenger (#262)
• Fix rubocop offences in the middleware tests
• Sync up the latest rails .rubocop rules
• Always try to keep the console underneath the website content (#257)
• Support Ctrl-A, Ctrl-W and Ctrl-U (#258)
• Spelling and grammar fixes (#259)
• Release 3.6.2
• Move the Content-Length header deletion to the WebConsole::Injector
• Merge pull request #255 from timomeh/fix-truncated-body
• Add test if Content-Length is correct
• Fix typo
• Fix truncated body in exception view
• Release 3.6.1
• Rely only on methods defined by the Rack body spec while injecting
• Release 3.6.0
• Cleanup no longer installable rubies
• Silence the actual test warnings
• Silence the dummy app warnings during testing
• Fix the deprecated mocha/mini_test require
• Rubocop format with the Rails config
• Update the testable rubies on travis
• Fix frozen string modifications in WebConsole::Response
• Merge pull request #254 from wjordan/rescue_ip_spoof
• Rescue ActionDispatch::RemoteIp::IpSpoofAttackError
• Merge pull request #253 from nicolasleger/patch-1
• [CI] Test against patched Ruby
• Merge pull request #251 from ttanimichi/patch-1
• Format
• Workaround the travis rotten image
• Update .travis.yml for Ruby 2.5.0
• Merge pull request #250 from wagenet/close-spec
• Close original body to comply with Rack SPEC
• Merge pull request #249 from pat/frozen-string-literals
• Adding frozen_string_literal pragma comment.
• Merge pull request #248 from ybart/master
• Merge pull request #246 from fl0l0u/patch-1
• Update for frozen-string-literal friendliness.
• Fix copy on Safari
• Merge pull request #244 from gsamokovarov/stderr-logging
• Fix Issue #40
• Revert "Backport all the latest Web Console features for 4.2"
• Backport all the latest Web Console features for 4.2
• Let WebConsole.logger respect Rails.logger
• A small pass over the README
• Keep the changelog PR link format consistent

↗️ crass (indirect, 1.0.3 → 1.0.4) · Repo · Changelog

Release Notes

1.0.4

• Fixed whitespace warnings. (#7 - @yahonda)

Commits

See the full diff on Github. The new version differs by 5 commits:

• chore: Release 1.0.4
• chore: Enable warnings when running tests
• Address `warning: mismatched indentations at 'when' with 'case'`
• Merge pull request #6 from nicolasleger/patch-1
• [CI] Test against Ruby 2.5

↗️ erubi (indirect, 1.7.0 → 1.7.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 7 commits:

• Bump version to 1.7.1
• Remove one difference from README
• Minor tweak to README
• Bump copyright year
• Make whitespace handling for <%# %> tags more compatible with Erubis (Fixes #14)
• Test on ruby 2.5 on Travis
• remove unnecessary ternary operation

↗️ i18n (indirect, 0.9.1 → 0.9.5) · Repo · Changelog

Release Notes

0.9.5

• #404 reported a regression in 0.9.3, which wasn't fixed by 0.9.4. #408 fixes this issue.

Thanks @wjordan!

0.9.4

• Fixed a regression with chained backends introduced in v0.9.3 (#402) - #405 - bug report / #407 - PR to fix
• Optimize Backend::Simple#available_locales - reports are that this is now 4x faster than previously - #406

0.9.3

(For those wondering where v0.9.2 went: I got busy after I pushed the commit for the release, so there was no gem release that day. I am not busy today, so here is v0.9.3 in its stead. This changelog contains changes from v0.9.1 -> v0.9.3)

• I18n no longer stores translations for unavailable locales. #391.
• Added the ability to interpolate with arrays #395.
• Documentation for lambda has been corrected. #396
• I18n will use oj -- a faster JSON library -- but only if it is available. #398
• Fixed an issue with translate and default: [false] as an option. #399
• Fixed an issue with translate with nil and empty keys. #400
• Fix issue with disabled subtrees and pluralization for KeyValue backend #402

Thank you to @stereobooster, @fatkodima and @lulalala for the patches that went towards this release. We appreciate your efforts!

Commits

See the full diff on Github. The new version differs by 34 commits:

• Bump to 0.9.5
• Lock Rake to 12.2.x versions
• Merge pull request #408 from wjordan/enforce_available_locales_false_fix
• store translations for unavailable locales if enforce_available_locales is false
• Bump to 0.9.4
• Merge pull request #407 from fatkodima/fix-key-value-subtrees
• Merge pull request #406 from jhawthorn/optimize_available_locales
• Fix Chained backend with KeyValue
• Optimize Backend::Simple#available_locales
• Bump to 0.9.3
• Merge pull request #395 from stereobooster/interpolate-for-arrays
• Merge pull request #402 from fatkodima/subtrees-bug
• Merge pull request #403 from fatkodima/ci-ruby2.5.0
• CI against ruby 2.5.0
• Fix issue with disabled subtrees and pluralization for KeyValue backend
• Bump to 0.9.2
• Merge pull request #400 from fatkodima/fix-t-empty-keys
• Merge pull request #399 from fatkodima/fix-t-with-false
• Fix translate with nil and empty keys
• Fix translate with default: [false]
• Merge pull request #396 from lulalala/fix-lambda-doc
• Merge pull request #398 from stereobooster/oj
• Use oj if available instead ActiveSupport::JSON
• Document about lambda return value also being interpolated
• Fix lambda document example
• Remove redundant test for lookup
• Fix specs for array interpolation
• Add comments exaplining new array behaviour for #interpolate
• Refactor interpolation method
• Update interpolation.rb
• Interpolate now works for array
• Merge pull request #391 from stereobooster/dont-store-tr-for-locales-not-set-as-available
• Fix CR notes
• Don't store translations for locales not set as available

↗️ loofah (indirect, 2.1.1 → 2.2.2) · Repo · Changelog

Release Notes

2.2.2

2.2.2 / 2018-03-22

Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!,
which was previously a private method. This is so that downstream gems
(like rails-html-sanitizer) can use this logic directly for their own
attribute scrubbers should they need to address CVE-2018-8048.

Commits

See the full diff on Github. The new version differs by 47 commits:

• version bump to 2.2.2
• Make public `force_correct_attribute_escaping!`
• use VersionInfo.instance
• version bump to 2.2.1
• update Manifest.txt and CHANGELOG.md
• Merge branch 'flavorjones-remediate-attribute-escaping'
• tests and fix for CVE-2018-8048
• SECURITY.md to publish vuln reporting process
• bump the fake gemspec
• fix remaining rdoc format in README
• fix Hoe config to use README.md
• version bump to v2.2.0
• finishes previous logical commit
• convert README from rdoc to markdown
• remove travis config
• update CHANGELOG
• Merge pull request #142 from eventfuel/added_list_type_style_to_css_props
• whitelist CSS function `rgb`
• Added list-type-style as a safe CSS property to whitelist by default (replacement for PR #137)
• Merge branch 'pr136-block-level'
• update CHANGELOG
• tidy elements.rb, cover html5 block elements
• update CHANGELOG
• Merge pull request #123 from eventfuel/enable_whitelisting_css_functions
• Merge pull request #141 from david-a-wheeler/doc-xxe
• Merge pull request #138 from rmacklin/fix-inaccurate-example-in-readme
• concourse: fix rubinius builds
• Document doesn't use dangerous Nokogiri config
• Fix inaccurate example in README
• add html5 block-level elements
• frozen-string-literal support in tests
• update CHANGELOG
• Merge branch '127-nested-script-tags'
• handle nested script tags
• update CHANGELOG
• Merge pull request #131 from baopham/add-symbol
• update CHANGELOG
• Merge pull request #134 from MothOnMars/whitelist_main
• whitelist HTML5 <main> element
• concourse: remove serialness of PR builds
• concourse: run PRs on all MRIs
• nest non-spec tests to avoid duplicate test runs
• Add symbol to list of SVG_ELEMENTS
• Merge pull request #126 from aried3r/patch-1
• Update CHANGELOG.md
• concourse: add windows tests
• jruby shouldn't be a blocker to PR success for now

↗️ minitest (indirect, 5.10.3 → 5.11.3) · Repo · Changelog

↗️ nokogiri (indirect, 1.8.1 → 1.8.4) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack (indirect, 2.0.3 → 2.0.5) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 14 commits:

• Bump version for release
• Merge pull request #1268 from eileencodes/forwardport-pr-1249-to-2-0-stable
• Merge pull request #1249 from mclark/handle-invalid-method-parameters
• Stick with a passing version of Rubygems and bundler
• Leahize
• Bumping version
• webrick: remove concurrent-ruby dev dependency
• Merge pull request #1190 from hugoabonizio/master
• Merge pull request #1193 from tompng/multipart_less_memory
• Merge pull request #1192 from jkowens/master
• Merge pull request #1179 from tompng/master
• Merge pull request #1151 from cremno/simplify-some-string-creations
• Merge pull request #1189 from lugray/fix_rack_lock
• Require the right file for the digest we're using

↗️ rack-test (indirect, 0.7.1 → 1.1.0) · Repo · Changelog

Release Notes

1.1.0

1.1.0 / 2018-07-21

• Breaking changes:

  • None

• Minor enhancements / new functionality:

  • [GitHub] Added configuration for Stale (Per Lundberg #232)
  • follow_direct: Include rack.session.options (Mark Edmondson #233)
  • [CI] Add simplecov (fatkodima #227)

Bug fixes:

• Follow relative locations correctly. (Samuel Williams #230)

1.0.0

1.0.0 / 2018-03-27

• The first release in the 1.0.0 series. 🎉 For the 1.x releases, we will follow Semantic Versioning very strictly; please keep this in mind when submitting fixes/suggesting changes.

• Breaking changes:

  • Always set CONTENT_TYPE for non-GET requests
    (Per Lundberg #223)

• Minor enhancements / bug fixes:

  • Create tempfile using the basename without extension
    (Edouard Chin #201)
  • Save session during follow_redirect!
    (Alexander Popov #218)
  • Document how to use URL params with DELETE method
    (Timur Platonov #220)

0.8.3

0.8.3 / 2018-02-27

• Bug fixes:

  • Do not set Content-Type if params are explicitly set to nil
    (Bartek Bułat #212). Fixes #200.
  • Fix UploadedFile#new regression
    (Per Lundberg #215)

• Minor enhancements

  • [CI] Test against Ruby 2.5 (Nicolas Leger #217)

0.8.2

0.8.2 / 2017-11-21

• Bug fixes:
  • Bugfix for UploadedFile.new unintended API breakage.
    (Per Lundberg #210)

Commits

See the full diff on Github. The new version differs by 5 commits:

• Release 1.1.0
• Add simplecov (#227)
• Follow relative locations correctly. Fixes #228 (#230)
• follow_direct: Include rack.session.options (#233)
• Added configuration for Stale (#232)

↗️ rails-html-sanitizer (indirect, 1.0.3 → 1.0.4) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 16 commits:

• Prepare to 1.0.4 release
• Make sure we address CVE-2018-8048
• Remove rbx since it doesn't seem to install.
• Merge pull request #66 from fschwahn/improve-tests
• Fix deprecation warning from Minitest
• Make tests pass again with recent nokogiri versions
• Rename test to better reflect what is actually tested
• typos
• We're still testing against ruby 1.9 and 2.0 that aren't supported by nokogiri 1.7
• activesupport 5 doesn't support ruby < 2.2.2 that are still tested in this repo
• bundle with the newest released bundler
• Test against newer released rubies
• [ci skip] Remove faulty overrides in scrubber example.
• [ci skip] Change override method in PermitScrubber.
• Merge pull request #47 from pvalena/patch-1
• Correct license filename

↗️ rake (indirect, 12.3.0 → 12.3.1) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 41 commits:

• bump version to 12.3.1
• Fixed rdoc style
• rubocop -a
• Merge pull request #262 from gfx/did_you_mean-v1.2.0
• support did_you_mean >= v1.2.0 which has a breaking change on formatters
• Merge pull request #252 from grzuy/fix_multitask_failures
• Prefer #refute over negated #assert
• Merge pull request #259 from grzuy/fix_leading_whitespaces
• Keep original test case testing spaces in some arguments
• Merge pull request #261 from aycabta/use-jruby-9.1.16.0
• Use JRuby 9.1.16.0
• Make space trimming consistent for all task arguments. Fixes #260
• Merge pull request #258 from grzuy/ruby_2_5_ci
• Merge pull request #254 from grzuy/remove_dup_inclusion
• make AppVeyor test with ruby 2.5 also
• Removes duplicated inclusion of Rake::DSL
• Merge pull request #256 from ruby/avoid-install-needless-deps
• To use gem install insteaad of bundle install
• Merge pull request #253 from radar/patch-1
• Remove date field from rake.gemspec
• Don't run tasks if it depends on already invoked but failed task. Fixes #189
• rubocop -a
• Merge pull request #250 from dylanahsmith/re-raise-load-error-without-path
• Re-raise a LoadError that didn't come from require in the test loader
• Merge pull request #249 from esparta/fix_readme_minimal_ruby_version
• [skip ci] Fix minimal ruby version on README
• rubocop -a
• Merge remote-tracking branch 'origin/v11'
• prefer to use %x literal instead of back-tick
• Support non-bundler environment
• Merge pull request #244 from aycabta/2.5.0
• Merge pull request #245 from aycabta/force-installation-bundler
• Force installation Bundler
• Use 2.5.0 and more latest Ruby versions
• Merge pull request #242 from stomar/ftp-publishing
• Add missing information on FTP publishing to README
• Merge pull request #240 from aycabta/jruby-9.1.15.0
• Use JRuby 9.1.15.0 on .travis.yml
• Merge pull request #239 from donv/patch-1
• [skip-ci] Fixed typo
• bump release date

↗️ tzinfo (indirect, 1.2.4 → 1.2.5) · Repo · Changelog

Release Notes

1.2.5

• Support recursively (deep) freezing Country and Timezone instances. #80.
• Allow negative daylight savings time offsets to be derived when reading from zoneinfo files. The utc_offset and std_offset are now derived correctly for Europe/Dublin in the 2018a and 2018b releases of the Time Zone Database.

TZInfo v1.2.5 on RubyGems.org

Commits

See the full diff on Github. The new version differs by 10 commits:

• Preparing v1.2.5.
• Update copyright years.
• Use Ruby 1.8 compatible syntax.
• Document that utc_offset and std_offset may be inaccurate with zoneinfo.
• Allow zoneinfo offset derivation to pick a negative std_offset.
• Don't store lazily-evaluated results if the object has been frozen.
• Remove unnecessary calls to Country.get in tests.
• Restore $SAFE after running a safe mode test (if possible).
• Disable Minitest's use of external diff tools during safe mode tests.
• Add Ruby 2.5.0 and update to the latest Ruby, JRuby and Rbx releases.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.