Bump the bundler group across 1 directory with 10 updates

[dependabot]

Bumps the bundler group with 9 updates in the / directory:

Package	From	To
redcarpet	3.4.0	3.5.1
nokogiri	1.6.8.1	1.16.5
activesupport	5.0.1	5.0.7.2
addressable	2.5.0	2.8.6
ffi	1.9.17	1.16.3
haml	4.0.7	6.3.0
kramdown	1.13.2	1.17.0
rack	2.0.1	2.2.9
sprockets	3.7.1	4.2.1

Updates redcarpet from 3.4.0 to 3.5.1

Release notes

Sourced from redcarpet's releases.

Redcarpet v3.5.1

Fix a security vulnerability using :quote in combination with the :escape_html option.

Reported by Johan Smits.

v3.5.0

This release mostly ships with bug fixes and tiny improvements.

Improvements

• Avoid mutating the options hash passed to a render object (See #663).

• Automatically enable the fenced_code_blocks option passing a HTML_TOC object to the Markdown object's constructor since some languages rely on the sharp to comment code (See #451).

• Remove the rel and rev attributes from the output generated for footnotes as they don't pass the HTML 5 validation (See #536).

• Allow passing Range objects to the nesting_level option to have a higher level of customization for table of contents (See #519):

  Redcarpet::Render::HTML_TOC.new(nesting_level: 2..5)

Bug fixes

• Fix a segfault rendering quotes using StripDown and the :quote option.

• Fix SmartyPants single quotes right after a link. For example:

  [John](http://john.doe)'s cat

  Will now properly converts ' to a right single quote (i.e. ’).

Changelog

Sourced from redcarpet's changelog.

Version 3.5.1 (Security)

• Fix a security vulnerability using :quote in combination with the :escape_html option.

  Reported by Johan Smits.

Version 3.5.0

• Avoid mutating the options hash passed to a render object.

  Refs #663.

  Max Schwenk

• Fix a segfault rendering quotes using StripDown and the :quote option.

  Fixes #639.

• Fix warning: instance variable @options not initialized when running under verbose mode (-w, $VERBOSE = true).

• Fix SmartyPants single quotes right after a link. For example:

  [John](http://john.doe)'s cat

  Will now properly converts ' to a right single quote (i.e. ’).

  Fixes #624.

• Remove the rel and rev attributes from the output generated for footnotes as they don't pass the HTML 5 validation.

  Fixes #536.

• Automatically enable the fenced_code_blocks option passing a HTML_TOC object to the Markdown object's constructor since some languages rely on the sharp to comment code.

  Fixes #451.

• Allow passing Range objects to the nesting_level option to have a higher level of customization for table of contents:

  Redcarpet::Render::HTML_TOC.new(nesting_level: 2..5)

... (truncated)

Commits

• a699c82 Fix a security issue using :quote with :escape_html
• 6270d6b Redcarpet v3.5.0
• 94f6e27 Tiny follow-up to #663
• 3100f65 Merge pull request #663 from maschwenk/dont-mutate-options
• fc52d9c Add regression test
• 03e7997 Don't mutated passed options
• 92a7b3a Fix a segfault with StripDown and the :quote option
• 7352162 Merge pull request #649 from rbalint/master
• e23383e Merge pull request #650 from kolen/fix-warning-options-not-initialized
• 6b86656 Fix "instance variable @​options not initialized" warning
• Additional commits viewable in compare view

Updates nokogiri from 1.6.8.1 to 1.16.5

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

---

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

---

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table> 

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@​flavorjones)

v1.16.4 / 2024-04-10

Dependencies

• [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

v1.16.3 / 2024-03-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@​flavorjones)

Changed

• [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.

v1.16.2 / 2024-02-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (@​flavorjones)

v1.16.1 / 2024-02-03

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (@​flavorjones)

... (truncated)

Commits

• cd70bd3 version bump to v1.16.5
• afc36de dep: update vendored libxml2 to v2.12.7 (#3191)
• 41b4f08 ci: add arm64-darwin coverage using macos-14
• 67b9e86 dep: update libxml2 to v2.12.7
• 17c0362 version bump to v1.16.4
• 1c329e9 dep: update to zlib 1.3.1 (v1.16.x) (#3175)
• edeac07 dep: update to zlib 1.3.1
• 80fb608 version bump to v1.16.3
• 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
• 461a96e fix: Reader#read sets @​encoding if it is unset
• Additional commits viewable in compare view

Updates activesupport from 5.0.1 to 5.0.7.2

Commits

• c4d3e20 Prep release
• 2383952 Preparing for 5.0.7.1 release
• aea6423 Preparing for 5.0.7 release
• 01dc2b5 Add missing require for remove_possible_method
• 8b88fc0 Return all mappings for a timezone id in country_zones
• ca97282 Don't force people to upgrade i18n gem
• c3a0f17 Merge pull request #31991 from radar/bump-i18n-to-one-dot-oh
• 782fd76 Merge pull request #31803 from rmosolgo/rm-dependencies
• a02a8d7 Merge pull request #31525 from yahonda/5-1-stable_backport_31520
• 867d3ad Fix syntax error on 5-0-stable build
• Additional commits viewable in compare view

Updates addressable from 2.5.0 to 2.8.6

Changelog

Sourced from addressable's changelog.

Addressable 2.8.6

• Memoize regexps for common character classes (#524)

#524: sporkmonger/addressable#524

Addressable 2.8.5

• Fix thread safety issue with encoding tables (#515)
• Define URI::NONE as a module to avoid serialization issues (#509)
• Fix YAML serialization (#508)

#508: sporkmonger/addressable#508 #509: sporkmonger/addressable#509 #515: sporkmonger/addressable#515

Addressable 2.8.4

• Restore Addressable::IDNA.unicode_normalize_kc as a deprecated method (#504)

#504: sporkmonger/addressable#504

Addressable 2.8.3

• Fix template expand level 2 hash support for non-string objects (#499, #498)

#499: sporkmonger/addressable#499 #498: sporkmonger/addressable#498

Addressable 2.8.2

• Improve cache hits and JIT friendliness (#486)
• Improve code style and test coverage (#482)
• Ensure reset of deferred validation (#481)
• Resolve normalization differences between IDNA::Native and IDNA::Pure (#408, #492)
• Remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438) (accidentally reverted by #449 merge but added back in #492)

#492: sporkmonger/addressable#492

Addressable 2.8.1

• refactor Addressable::URI.normalize_path to address linter offenses (#430)
• update gemspec to reflect supported Ruby versions (#466, #464, #463)
• compatibility w/ public_suffix 5.x (#466, #465, #460)
• fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters (#459)
• Ractor compatibility (#449)
• use the whole string instead of a single line for template match (#431)
• force UTF-8 encoding only if needed (#341)

#449: sporkmonger/addressable#449 #460: sporkmonger/addressable#460 #463: sporkmonger/addressable#463 #464: sporkmonger/addressable#464 #465: sporkmonger/addressable#465 #466: sporkmonger/addressable#466

... (truncated)

Commits

• 35a0f5c gemspec: more #freeze and rubygems_version bump (#526)
• 63ab40e Update version, gemspec, and CHANGELOG for 2.8.6 (#525)
• 20879a9 Memoize regexps for common character classes (#524)
• 60feb48 Link directly to versioned changelog from gemspec (#522)
• d3635cc Bump actions/checkout from 3 to 4 (#521)
• 7cd185e Update version, gemspec, and CHANGELOG for 2.8.5 (#518)
• a5a8514 Fix gemspec generation (#517)
• e01456b Fix thread safety issue with encoding tables (#515)
• cf2153e Allow ruby-head to fail (#516)
• b56cef3 Define URI::NONE as a module to avoid serialization issues (#509)
• Additional commits viewable in compare view

Updates ffi from 1.9.17 to 1.16.3

Changelog

Sourced from ffi's changelog.

1.16.3 / 2023-10-04

Fixed:

• Fix gcc error when building on CentOS 7. #1052
• Avoid trying to store new DataConverter type in frozen TypeDefs hash. #1057

1.16.2 / 2023-09-25

Fixed:

• Handle null pointer crash after fork. #1051

1.16.1 / 2023-09-24

Fixed:

• Fix compiling the builtin libffi. #1049

1.16.0 / 2023-09-23

Fixed:

• Fix an issue with signed bitmasks when using flags on the most significant bit. #949
• Fix FFI::Pointer#initialize using NUM2LL instead of NUM2ULL.
• Fix FFI::Type#inspect to properly display the constant name. #1002
• Use libffi closure allocations on hppa-Linux. #1017 Previously they would segfault.
• Fix class name of Symbol#inspect.
• Fix MSVC support of libtest. #1028
• Fix attach_function of functions ending in ? or ! #971

Added:

• Convert all C-based classes to TypedData and use write barriers. #994, #995, #996, #997, #998, #999, #1000, #1001, #1003, #1004, #1005, #1006, #1007, #1008, #1009, #1010, #1011, #1012 This results in less pressure on the garbage collector, since the objects can be promoted to the old generation, which means they only get marked on major GC.
• Implement ObjectSpace.memsize_of() of all C-based classes.
• Make FFI Ractor compatible. #1023 Modules extended per extend FFI::Library need to be frozen in order to be used by non-main Ractors. This can be done by calling freeze below of all C interface definitions.
  • In a Ractor it's possible to:
    • load DLLs and call its functions, access its global variables
    • use builtin typedefs
    • use and modify ractor local typedefs
    • define callbacks
    • receive async callbacks from non-ruby threads
    • use frozen FFI::Library based modules with all attributes (enums, structs, typedefs, functions, callbacks)
    • invoke frozen functions and callbacks defined in the main Ractor

... (truncated)

Commits

• 6cef66d Bump VERSION to 1.16.3
• 87ca653 Update CHANGELOG for ffi-1.16.3
• a8f7d97 Update link in README.md [ci skip]
• 87ff960 Merge branch 'master' of github.com:ffi/ffi
• c97b825 Add examples from https://github.com/ffi/ffi/wiki/How-to-use-FFI-in-Ruby-Ractors
• c1ed9bc Add link to Ractor docs to README.md
• 13afd23 Merge pull request #1057 from mvz/avoid-frozen-typemap
• 6e29dc1 Avoid trying to store new DataConverter type in frozen TypeDefs hash
• bf21280 Prepare a CHANGELOG entry for ffi-1.16.3
• 683e18b Merge pull request #1053 from larskanis/fix-1052
• Additional commits viewable in compare view

Updates haml from 4.0.7 to 6.3.0

Release notes

Sourced from haml's releases.

v6.3.0

• Remove Haml::RailsTemplate#default_format that was added in v6.1.3 for Turbo #1152, #1154 (discussion)
  • See the reference for suggested alternatives.

v6.2.5

• Deprecate Haml::RailsTemplate#default_format that was added in v6.1.3 for Turbo (discussion)
  • See the reference for suggested alternatives.

v6.2.4

• Support case-in statement #1155

v6.2.3

• Resurrect RDFa doctype support #1147

v6.2.2

• Allow adding custom attributes to Haml::BOOLEAN_ATTRIBUTES #1148
• Consider aria-xxx: false as a boolean attribute

v6.2.1

• Fix v6.2.0's bug in rendering dynamic aria attributes #1149

v6.2.0

• Drop the C extension #1146

v6.1.4

• Let Haml::Util.escape_html use ERB::Escape if available #1145

v6.1.3

• Add Haml::RailsTemplate#default_format for Turbo compatibility #1144

v6.1.2

• Use the rails template path as filename #1140

v6.1.1

• Fix an empty output of Ruby 3.1's Hash shorthand syntax #1083

v6.1.0

• Optimize away a to_s call on = scripts
• Fix escaping for objects that return an html_safe string on to_s #1117

v6.0.12

• Fix a whitespace removal with > and an if-else statement #1114

v6.0.11

• Fix a whitespace removal with > and an if statement #1114

v6.0.10

• Evaluate :erb filter in the template context like Haml 5

v6.0.9

... (truncated)

Changelog

Sourced from haml's changelog.

6.3.0

• Remove Haml::RailsTemplate#default_format that was added in v6.1.3 for Turbo #1152, #1154 (discussion)
  • See the reference for suggested alternatives.

6.2.5

• Deprecate Haml::RailsTemplate#default_format that was added in v6.1.3 for Turbo (discussion)

6.2.4

• Support case-in statement #1155

6.2.3

• Resurrect RDFa doctype support #1147

6.2.2

• Allow adding custom attributes to Haml::BOOLEAN_ATTRIBUTES #1148
• Consider aria-xxx: false as a boolean attribute

6.2.1

• Fix v6.2.0's bug in rendering dynamic aria attributes #1149

6.2.0

• Drop the C extension #1146

6.1.4

• Let Haml::Util.escape_html use ERB::Escape if available #1145

6.1.3

• Add Haml::RailsTemplate#default_format for Turbo compatibility #1144

6.1.2

• Use the rails template path as filename #1140

6.1.1

• Fix an empty output of Ruby 3.1's Hash shorthand syntax #1083

6.1.0

• Optimize away a to_s call on = scripts
• Fix escaping for objects that return an html_safe string on to_s #1117

... (truncated)

Commits

• 8e68e37 Version 6.3.0
• 414a4fc Remove Haml::RailsTemplate#default_format
• 721b381 Version 6.2.5
• 9357721 Warn the use of #default_format
• 2269160 Add a documentation about Turbo
• 7db9665 Version 6.2.4
• 1098bc1 Fix running tests against Rails 7.1
• a55cbf6 Remove advice to run git submodule update --init
• 616cf38 Add support for case-in statements
• 88049a6 Version 6.2.3
• Additional commits viewable in compare view

Updates kramdown from 1.13.2 to 1.17.0

Commits

• See full diff in compare view

Updates rack from 2.0.1 to 2.2.9

Release notes

Sourced from rack's releases.

v2.2.8.1

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]
• Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
• Reject Range headers which are too large [CVE-2024-26141]

Full Changelog: rack/rack@v2.2.8...v2.2.8.1

v2.2.8

What's Changed

• Limit file extension length of multipart tempfiles (2.2 backport) by @​dentarg in rack/rack#2075
• CHANGELOG: Add missing 2.2.7 by @​tisba in rack/rack#2081
• Update cookie.rb by @​dchandekstark in rack/rack#2092
• Prefer ubuntu-latest for testing. by @​ioquatix in rack/rack#2095
• Fix inefficient assert pattern in Rack::Lint [2-2-stable] by @​skipkayhil in rack/rack#2101
• Regenerate SPEC [2-2-stable] by @​skipkayhil in rack/rack#2102

New Contributors

• @​tisba made their first contribution in rack/rack#2081
• @​dchandekstark made their first contribution in rack/rack#2092

Full Changelog: rack/rack@v2.2.7...v2.2.8

v2.2.7

What's Changed

• Correct the year number in the changelog by @​kimulab in rack/rack#2015
• Support underscore in host names for Rack 2.2 (Fixes #2070) by @​jeremyevans in rack/rack#2071

New Contributors

• @​kimulab made their first contribution in rack/rack#2015

Full Changelog: rack/rack@v2.2.6.4...v2.2.7

v2.2.6.4

No release notes provided.

v2.1.4.4

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]

Full Changelog: rack/rack@v2.1.4.3...v2.1.4.4

v2.0.9.4

What's Changed

• Fixed ReDoS in Accept header parsing [CVE-2024-26146]

Full Changelog: rack/rack@v2.0.9.3...v2.0.9.4

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

SPEC Changes

• rack.input is now optional. (#1997, [@​ioquatix])
• Rack::Utils.escape_html is now delegated to CGI.escapeHTML. ' is escaped to [#39](https://github.com/rack/rack/issues/39); instead of #x27;. (decimal vs hexadecimal) (#2099, @​JunichiIto)

Changed

• rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@​ioquatix])
• Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@​ioquatix])
• MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
• Add .mjs MIME type (#2057, [@​axilleas])
• Update MIME types associated to .ttf, .woff, .woff2 and .otf extensions to use mondern font/* types. (#2065, [@​davidstosik])
• set_cookie_header utility now supports the partitioned cookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@​flavio-b])
• Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [@​wtn])
• Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [@​wtn])
• In Rack::Files, ignore the Range header if served file is 0 bytes. (#2159, [@​zarqman])

[3.0.11] - 2024-05-10

• Backport #2062 to 3-0-stable: Do not allow BodyProxy to respond to to_str, make to_ary call close . (#2062, @​jeremyevans)

[3.0.10] - 2024-03-21

• Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. (#2164, @​JoeDupuis)

[3.0.9.1] - 2024-02-21

Security

• CVE-2024-26146 Fixed ReDoS in Accept header parsing
• CVE-2024-25126 Fixed ReDoS in Content Type header parsing
• CVE-2024-26141 Reject Range headers which are too large

[3.0.9] - 2024-01-31

• Fix incorrect content-length header that was emitted when Rack::Response#write was used in some situations. (#2150, @​mattbrictson)

[3.0.8] - 2023-06-14

• Fix some unused variable verbose warnings. (#2084, [@​jeremyevans], @​skipkayhil)

... (truncated)

Commits

• b1deebd Bump patch version.
• f7d40f9 Merge branch '2-2-sec' into 2-2-stable
• e830011 bump version
• d9c163a Avoid 2nd degree polynomial regexp in MediaType
• 6245768 Return an empty array when ranges are too large
• e4c1177 Fixing ReDoS in header parsing
• fdb12cb backport #2104 (#2121)
• 99057e6 Update CHANGELOG for 2.2.8 (#2107)
• 3314622 Adds missing 2.2.8 to CHANGELOG.md (#2106)
• f169ff7 Bump patch version.
• Additional commits viewable in compare view

Updates sprockets from 3.7.1 to 4.2.1

Release notes

Sourced from sprockets's releases.

4.2.1

What's Changed

• Fix .jpeg precompile issue by @​ghiculescu in rails/sprockets#781
• CI against Ruby 3.2 [changelog skip] by @​amatsuda in rails/sprockets#777
• Fix header casing compatibility with Rails 7 by @​skipkayhil in rails/sprockets#790
• fix: set application/css-sourcemap+json default charset to unicode by @​chadlwilson in rails/sprockets#764

New Contributors

• @​ghiculescu made their first contribution in rails/sprockets#781
• @​skipkayhil made their first contribution in rails/sprockets#791
• @​jpbalarini made their first contribution in rails/sprockets#768
• @​chadlwilson made their first contribution in rails/sprockets#764

Full Changelog: rails/sprockets@v4.2.0...v4.2.1

4.2.0

What's Changed

• Fix class name in sample code by @​ursm in rails/sprockets#751
• fix: grammar by @​benkoshy in rails/sprockets#756
• fix typo by @​benkoshy in rails/sprockets#757
• Update Link by @​benkoshy in rails/sprockets#754
• Rack 3 support by @​lsylvester in rails/sprockets#758
• Make Sprockets::Utils.module_include thread safe on JRuby by @​ntkme in rails/sprockets#759
• Fix thread safety of Sprockets::CachedEnvironment and Sprockets::Cache::MemoryStore by @​eregon in rails/sprockets#771

New Contributors

• @​ursm made their first contribution in rails/sprockets#751
• @​benkoshy made their first contribution in rails/sprockets#756
• @​ntkme made their first contribution in rails/sprockets#759

Full Changelog: rails/sprockets@v4.1.1...v4.2.0

v4.1.1

• Fix Sprockets::Server to return response headers to compatible with with Rack::Lint 2.0.

Full Changelog: rails/sprockets@v4.1.0...v4.1.1

v4.1.0

What's Changed

• Lowercase all response headers by @​amatsuda in rails/sprockets#744
• Ensure compatibility with esbuilds' base32 digests by @​dhh in rails/sprockets#726
• cache nil values in the CachedEnvironment by @​lsylvester in rails/sprockets#723
• Explain configuration for Rails engines by @​pjmorse in rails/sprockets#694
• Get rid off undefined method `start_with?' for nil:NilClass error by @​dakolech in rails/sprockets#684
• Added support for ERB in webmanifest files by @​mashedkeyboard in rails/sprockets#608
• Set application/js-sourcemap+json charset to unicode by @​andresakata in rails/sprockets#669
• Adding directive depends_on_directory by @​jessecollier in rails/sprockets#668
• Fix cache key for coffee script processor by @​code-constructor in rails/sprockets#670
• Add text/ejs to register_transformer_suffix for ERBProcessor by @​cgunther in rails/sprockets#674

... (truncated)

Changelog

Sourced from sprockets's changelog.

4.2.1

• Fix for precompile issues when multiple extensions map to the same MIME type (eg. .jpeg / .jpg). #781
• Fix application/css-sourcemap+json charset #764
• Fix compatibility with Rack 2 applications. #790

4.2.0

• Rack 3 compatibility. #758
• Fix thread safety of Sprockets::CachedEnvironment and Sprockets::Cache::MemoryStore. #771
• Add support for Rack 3.0. Headers set by sprockets will now be lower case. #758
• Make Sprockets::Utils.module_include thread safe on JRuby. #759
• Fix typo in asset.rb file. #768

4.1.1

• Fix Sprockets::Server to return response headers to be compatible with Rack::Lint 2.0.

4.1.0

• Allow age to be altered in asset:clean rake task.
• Fix Sprockets::Server to return lower-cased response headers to comply with Rack::Lint 3.0. #744
• Adding new directive depend_on_directory #668
• Fix application/js-sourcemap+json charset #669
• Fix CachedEnvironment caching nil values #723
• Process *.jst.ejs.erb files with ERBProcessor #674
• Fix cache key for coffee script processor to be dependent on the filename #670

4.0.3

• Fix Manifest#find yielding from a Promise causing issue on Ruby 3.1.0-dev. #720
• Better detect the ERB version to avoid deprecation warnings. #719
• Allow assets already fingerprinted to be served through Sprockets::Server
• Do not fingerprint files that already contain a valid digest in their name
• Remove remaining support for Ruby < 2.4.#672

4.0.2

• Fix etag and digest path compilation that were generating string with invalid digest since 4.0.1.

4.0.1

• Fix for Ruby 2.7 keyword arguments warning in base.rb. #660
• Fix for when x_sprockets_linecount is missing from a source map.
• Fix subresource integrity to match the digest of the asset.

4.0.0

• Fixes for Ruby 2.7 keyword arguments warnings #625
• Manifest files are sorted alphabetically #626

... (truncated)

Commits

• 5b040f3 Prepare for 4.2.1
• 0a5879d Remove check CHANGELOG action
• 8ee21cf Use Ruby LSP instead of rebornix.Ruby
• 5d26375 Merge pull request #764 from chadlwilson/fix-css-sourcemap-default-charset
• 572235a Merge branch 'main' into fix-css-sourcemap-default-charset
• 42f7d5e Merge pull request #790 from skipkayhil/hm-fix-rails-7-compat
• d0de178 Merge pull request #768 from jpbalarini/patch-1
• 5d795a7 Fix header casing compatibility with Rails 7
• 6554b6d ...

  Description has been truncated