Bump the bundler group with 5 updates

[dependabot[bot]]

Bumps the bundler group with 5 updates:

Package	From	To
activesupport	7.0.4	7.0.7.1
google-protobuf	3.21.9	3.25.5
nokogiri	1.13.9	1.18.8
rexml	3.2.5	3.3.9
webrick	1.7.0	1.8.2

Updates activesupport from 7.0.4 to 7.0.7.1

Release notes

Sourced from activesupport's releases.

7.0.7.1

Active Support

• Use a temporary file for storing unencrypted files while editing

  [CVE-2023-38037]

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

... (truncated)

Commits

• c92caef Preparing for 7.0.7.1 release
• 936587d updating version / changelog
• a21d6ed Use a temporary file for storing unencrypted files while editing
• 522c86f Preparing for 7.0.7 release
• 5610cba Sync CHANGELOG with the changes in the repository
• 7e9ffc2 Fix to_s not using :default format with no args
• a8e88e2 Fix Cache::NullStore with local caching for repeated reads
• b18b9df Merge pull request #48800 from robinjam/fix-humanize-nil
• b12fe80 Fix Enumerable#sum for Enumerator#lazy
• e3f80f6 Add lower bound to Listen gem requirement
• Additional commits viewable in compare view

Updates google-protobuf from 3.21.9 to 3.25.5

Commits

• 70e85ae Updating version.json and repo version numbers to: 25.5-dev
• 489aba5 Merge pull request #15984 from mkruskal-google/staleness-fix-25
• 367c7be Regen stale files
• bbbd2de Updating version.json and repo version numbers to: 25.4-dev
• fc222b9 Updating version.json and repo version numbers to: 25.3-dev
• 6ac0447 Updating version.json and repo version numbers to: 25.2-dev
• 7f94235 Updating version.json and repo version numbers to: 25.1
• e4b00c7 Add support for extensions in CRuby, JRuby, and FFI Ruby (#14703) (#14756)
• 2495d4f Add support for options in CRuby, JRuby and FFI (#14594) (#14739)
• 6b5d8db Updating version.json and repo version numbers to: 25.0
• Additional commits viewable in compare view

Updates nokogiri from 1.13.9 to 1.18.8

Release notes

Sourced from nokogiri's releases.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

36badd2eb281fca6214a5188e24a34399b15d89730639a068d12931e2adc210e  nokogiri-1.18.8-aarch64-linux-gnu.gem
664e0f9a77a7122a66d6c03abba7641ca610769a4728db55ee1706a0838b78a2  nokogiri-1.18.8-aarch64-linux-musl.gem
483b5b9fb33653f6f05cbe00d09ea315f268f0e707cfc809aa39b62993008212  nokogiri-1.18.8-arm64-darwin.gem
17de01ca3adf9f8e187883ed73c672344d3dbb3c260f88ffa1008e8dc255a28e  nokogiri-1.18.8-arm-linux-gnu.gem
6e6d7e71fc39572bd613a82d528cf54392c3de1ba5ce974f05c832b8187a040b  nokogiri-1.18.8-arm-linux-musl.gem
8c7464875d9ca7f71080c24c0db7bcaa3940e8be3c6fc4bcebccf8b9a0016365  nokogiri-1.18.8.gem
41002596960ff854198a20aaeb34cff0d445406d5ad85ba7ca9c3fd0c8f03de0  nokogiri-1.18.8-java.gem
11ab0f76772c5f2d718fb253fca5b74c6ef7628b72bbf8deba6ab1ffc93344cf  nokogiri-1.18.8-x64-mingw-ucrt.gem
024cdfe7d9ae3466bba6c06f348fb2a8395d9426b66a3c82f1961b907945cc0c  nokogiri-1.18.8-x86_64-darwin.gem
4a747875db873d18a2985ee2c320a6070c4a414ad629da625fbc58d1a20e5ecc  nokogiri-1.18.8-x86_64-linux-gnu.gem
ddd735fba49475a395b9ea793bb6474e3a3125b89960339604d08a5397de1165  nokogiri-1.18.8-x86_64-linux-musl.gem

v1.18.7 / 2025-03-31

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

57a064ab5440814a69a0e040817bd8154adea68a30d2ff2b3aa515a6a06dbb5f  nokogiri-1.18.7-aarch64-linux-gnu.gem
3e442dc5b69376e84288295fe37cbb890a21ad816a7e571e5e9967b3c1e30cd3  nokogiri-1.18.7-aarch64-linux-musl.gem
083abb2e9ed2646860f6b481a981485a658c6064caafaa81bf1cda1bada2e9d5  nokogiri-1.18.7-arm64-darwin.gem
337d9149deb5ae01022dff7c90f97bed81715fd586aacab0c5809ef933994c5e  nokogiri-1.18.7-arm-linux-gnu.gem
97a26edcc975f780a0822aaf7f7d7427c561067c1c9ee56bd3542960f0c28a6e  nokogiri-1.18.7-arm-linux-musl.gem
6b63ff5defe48f30d1d3b3122f65255ca91df2caf5378c6e0482ce73ff46fb31  nokogiri-1.18.7.gem
2cb83666f35619ec59d24d831bf492e49cfe27b112c222330ee929737f42f2eb  nokogiri-1.18.7-java.gem
681148fbc918aa5d54933d8b48aeb9462ab708d23409797ed750af961107f72b  nokogiri-1.18.7-x64-mingw-ucrt.gem
081d1aa517454ba3415304e2ea51fe411d6a3a809490d0c4aa42799cada417b7  nokogiri-1.18.7-x86_64-darwin.gem
3a0bf946eb2defde13d760f869b61bc8b0c18875afdd3cffa96543cfa3a18005  nokogiri-1.18.7-x86_64-linux-gnu.gem
9d83f8ec1fc37a305fa835d7ee61a4f37899e6ccc6dcb05be6645fa9797605af  nokogiri-1.18.7-x86_64-linux-musl.gem

v1.18.6 / 2025-03-24

Fixed

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

v1.18.7 / 2025-03-31

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

• [JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @​flavorjones

v1.18.5 / 2025-03-19

Fixed

• [JRuby] Update JRuby's XML serialization so it outputs namespaces exactly like CRuby. (#3455, #3456) @​johnnyshields

v1.18.4 / 2025-03-14

Security

• [CRuby] Vendored libxslt is updated to v1.1.43 to address CVE-2025-24855 and CVE-2024-55549. See GHSA-mrxw-mxhj-p664 for more information.

v1.18.3 / 2025-02-18

Security

• [CRuby] Vendored libxml2 is updated v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m for more information.

v1.18.2 / 2024-01-19

Fixed

• When performing a CSS selector query, an XML document's root namespace declarations should not be applied to wildcard selectors ("*"). Fixes a bug introduced in v1.17.0. (#3411) @​flavorjones

v1.18.1 / 2024-12-29

... (truncated)

Commits

• 9187f4a version bump to v1.18.8
• 1deea04 dep: libxml2 to v2.13.8 (branch v1.18.x) (#3509)
• 6457fe6 dep: libxml2 to v2.13.8
• 13e8aa4 version bump to v1.18.7
• 605699d dep: bump libxml2 to 2.13.7 (v1.18.x backport) (#3495)
• 804e590 dep: bump libxml2 to 2.13.7
• 52bf15b dep(dev): drop Rubocop from JRuby deps
• 189769d version bump to v1.18.6
• de4982f fix(jruby): Node#attribute in HTML documents (v1.18.x) (#3492)
• 7d95b0f fix(jruby): Node#attribute in HTML documents
• Additional commits viewable in compare view

Updates rexml from 3.2.5 to 3.3.9

Release notes

Sourced from rexml's releases.

REXML 3.3.9 - 2024-10-24

Improvements

• Improved performance.
  • GH-210
  • Patch by NAITOH Jun.

Fixes

• Fixed a parse bug for text only invalid XML.

  • GH-215
  • Patch by NAITOH Jun.

• Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

• NAITOH Jun

REXML 3.3.8 - 2024-09-29

Improvements

• SAX2: Improve parse performance.
  • GH-207
  • Patch by NAITOH Jun.

Fixes

• Fixed a bug that unexpected attribute namespace conflict error for the predefined "xml" namespace is reported.
  • GH-208
  • Patch by KITAITI Makoto

Thanks

• NAITOH Jun

• KITAITI Makoto

REXML 3.3.7 - 2024-09-04

Improvements

• Added local entity expansion limit methods
  • GH-192
  • GH-202
  • Reported by takuya kodama.

... (truncated)

Changelog

Sourced from rexml's changelog.

3.3.9 - 2024-10-24 {#version-3-3-9}

Improvements

• Improved performance.
  • GH-210
  • Patch by NAITOH Jun.

Fixes

• Fixed a parse bug for text only invalid XML.

  • GH-215
  • Patch by NAITOH Jun.

• Fixed a parse bug that &#0x...; is accepted as a character reference.

Thanks

• NAITOH Jun

3.3.8 - 2024-09-29 {#version-3-3-8}

Improvements

• SAX2: Improve parse performance.
  • GH-207
  • Patch by NAITOH Jun.

Fixes

• Fixed a bug that unexpected attribute namespace conflict error for the predefined "xml" namespace is reported.
  • GH-208
  • Patch by KITAITI Makoto

Thanks

• NAITOH Jun

• KITAITI Makoto

3.3.7 - 2024-09-04 {#version-3-3-7}

Improvements

• Added local entity expansion limit methods
  • GH-192
  • GH-202
  • Reported by takuya kodama.

... (truncated)

Commits

• 38eaa86 Add 3.3.9 entry
• ce59f2e parser: fix a bug that &#0x...; is accepted as a character reference
• a09646d test: fix indent
• cf0fb9c Fix IOSource#readline for @pending_buffer (#215)
• 1d0c362 Optimize IOSource#read_until method (#210)
• 622011f Bump version
• 036d508 test: avoid using needless non ASCII characters
• 4197054 Add 3.3.8 entry
• 78f8712 Fix handling with "xml:" prefixed namespace (#208)
• 2e1cd64 Optimize SAX2Parser#get_namespace (#207)
• Additional commits viewable in compare view

Updates webrick from 1.7.0 to 1.8.2

Release notes

Sourced from webrick's releases.

v1.8.2

What's Changed

• Drop commented-out line by @​olleolleolle in ruby/webrick#108
• Add Ruby 3.1 & 3.2 to CI matrix by @​tricknotes in ruby/webrick#109
• Fix/redos by @​ooooooo-q in ruby/webrick#114
• Raise HTTPStatus::BadRequest for requests with invalid/duplicate content-length headers by @​jeremyevans in ruby/webrick#120
• Bump actions/checkout from 3 to 4 by @​dependabot in ruby/webrick#121
• Improve CI by @​hsbt in ruby/webrick#123
• Fix WEBrick::TestFileHandler#test_short_filename test not working on mswin by @​KJTsanaktsidis in ruby/webrick#128
• Fix bug chunk extension detection by @​jeremyevans in ruby/webrick#125
• Fix CI. by @​ioquatix in ruby/webrick#131
• Merge multiple cookie headers, preserving semantic correctness. by @​ioquatix in ruby/webrick#130
• Test on macos-latest by @​byroot in ruby/webrick#132
• Require CRLF line endings in request line and headers by @​jeremyevans in ruby/webrick#138
• Prefer squigly heredocs. by @​ioquatix in ruby/webrick#143
• Only strip space and horizontal tab in headers by @​jeremyevans in ruby/webrick#141
• Treat missing CRLF separator after headers as an EOFError by @​jeremyevans in ruby/webrick#142
• Return 400 response for chunked requests with unexpected data after chunk by @​jeremyevans in ruby/webrick#136
• Fix reference to URI::REGEXP::PATTERN::HOST by @​casperisfine in ruby/webrick#144
• Prevent request smuggling by @​jeremyevans in ruby/webrick#146

New Contributors

• @​tricknotes made their first contribution in ruby/webrick#109
• @​ooooooo-q made their first contribution in ruby/webrick#114
• @​KJTsanaktsidis made their first contribution in ruby/webrick#128
• @​byroot made their first contribution in ruby/webrick#132
• @​casperisfine made their first contribution in ruby/webrick#144

Full Changelog: https://github.com/ruby/webrick/compare/v1.8.1...v1.8.2

v1.8.1

What's Changed

• Body should be non-frozen by default. by @​ioquatix in ruby/webrick#103
• Join test thread. by @​ioquatix in ruby/webrick#104
• Fix several regexp warnings. by @​ioquatix in ruby/webrick#105

Full Changelog: https://github.com/ruby/webrick/compare/v1.8.0...v1.8.1

v1.8.0

What's Changed

• Use frozen strings by @​kirs in ruby/webrick#65
• Use test-unit by @​hsbt in ruby/webrick#66
• More rubies on CI, deprecating ruby 2.3 due to test failure by @​mathieujobin in ruby/webrick#68
• Adds common mime types by @​gotoken in ruby/webrick#75
• add mime type for .webmanifest extension by @​olleolleolle in ruby/webrick#76
• CI: use bundler-cache: true by @​olleolleolle in ruby/webrick#79
• Typo by @​printfinn in ruby/webrick#78
• s/RubyVM::JIT/RubyVM::MJIT/g by @​k0kubun in ruby/webrick#82
• Fix invalid use of IP addresses in SNI by @​jeremyevans in ruby/webrick#83

... (truncated)

Commits

• 0fb9de6 Bump up v1.8.2
• b9a4c81 Removed trailing spaces
• f5faca9 Prevent request smuggling
• 0c600e1 Fix reference to URI::REGEXP::PATTERN::HOST
• 15a9391 Return 400 response for chunked requests with unexpected data after chunk
• 2b38d56 Treat missing CRLF separator after headers as an EOFError
• e4efb4a Remove unnecessary gsub calls in test_httprequest.rb
• 426e214 Only strip space and horizontal tab in headers
• e72cb69 Prefer squigly heredocs. (#143)
• ee60354 Require CRLF line endings in request line and headers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the Security Alerts page.