🚨 [security] Update html-proofer: 3.14.1 → 3.17.0 (minor)

[depfu]

---

Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!

---

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ html-proofer (3.14.1 → 3.17.0) · Repo

Release Notes

3.16.0

• Add support for before_request: #577

3.15.0

• #362

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 63 commits:

• :gem: bump to 3.17.0
• Merge pull request #592 from gjtorikian/rubocop
• minor fixes
• lint
• Merge pull request #590 from gjtorikian/support-local-cache
• Merge pull request #591 from gjtorikian/check-source
• test source tags
• stupid ordering stuff
• Remove needless duplication
• fix tests
• support cache for internal links
• it's ok
• Merge pull request #586 from iBobik/patch-2
• Replaced reccomanded Docker image
• :gem: bump to 3.16.0
• :gem: bump to 3.16.0
• Merge pull request #577 from asbjornu/feature/before-request
• Update README
• Merge pull request #578 from gjtorikian/allow-at-sign
• Rubocop
• Correctly broken
• Allow for at-signs
• Add HTMLProofer::Runner#before_request
• :gem: bump to 3.15.3
• Merge pull request #556 from riccardoporreca/fix-recheck-failure
• Merge branch 'master' into fix-recheck-failure
• :gem: bump to 3.15.2
• Merge pull request #560 from gjtorikian/leave-semicolon-attr
• Fix tests
• Ruby 2.3 is gone
• tr away semicolons
• Report on errors here
• ticks
• Provide Timecop updates
• Test alias
• Merge pull request #555 from gjtorikian/parse-failure
• crap, this should always have been on
• not sure why this is not printing properly
• Add more error options
• Assert HTML failures are reported
• minor - improve comments
• No extra empty line detected at block body beginning/end.
• Fix recheck of failures.
• Fix and simplify cache tests on existing URL.
• Merge pull request #551 from dsinn/patch-1
• Minor grammar fix
• Update CODEOWNERS
• :gem: bump to 3.15.1
• Merge pull request #550 from gjtorikian/new-ruby-issues
• Ah Rubocop
• Fix logging issues
• Demonstrate 2.7 break
• Hide vendor/cache
• :gem: bump to 3.15.0
• Merge pull request #362 from jeremy/html5
• rubocop!!
• Add missing docs
• Slight gem fixes
• Add doctype to valid doc fixture
• rubocop
• Merge branch 'master' into html5
• CI trigger?
• Report errors

↗️ ffi (indirect, 1.11.2 → 1.13.1) · Repo · Changelog

Release Notes

1.13.1 (from changelog)

Changed:

• Revert use of ucrtbase.dll as default C library on Windows-MINGW. ucrtbase.dll is still used on MSWIN target. #790
• Test for ffi_prep_closure_loc() to make sure we can use this function. This fixes incorrect use of system libffi on MacOS Mojave (10.14). #787
• Update types.conf on x86_64-dragonflybsd

1.13.0 (from changelog)

Added:

• Add TruffleRuby support. Almost all specs are running on TruffleRuby and succeed. #768
• Add ruby source files to the java gem. This allows to ship the Ruby library code per platform java gem and add it as a default gem to JRuby. #763
• Add FFI::Platform::LONG_DOUBLE_SIZE
• Add bounds checks for writing to an inline char[] . #756
• Add long double as callback return value. #771
• Update type definitions and add types from stdint.h and stddef.h on i386-windows, x86_64-windows, x86_64-darwin, x86_64-linux, arm-linux, powerpc-linux. #749
• Add new type definitions for powerpc-openbsd and sparcv9-openbsd. #775, #778

Changed:

• Raise required ruby version to >= 2.3.
• Lots of cleanups and improvements in library, specs and benchmarks.
• Fix a lot of compiler warnings at the C-extension
• Fix several install issues on MacOS:
  • Look for libffi in SDK paths, since recent versions of macOS removed it from /usr/include . #757
  • Fix error ld: library not found for -lgcc_s.10.4
  • Don't built for i386 architecture as it is deprecated
• Several fixes for MSVC build on Windows. #779
• Use ucrtbase.dll as default C library on Windows instead of old msvcrt.dll. #779
• Update builtin libffi to fix a Powerpc issue with parameters of type long
• Allow unmodified sourcing of (the ruby code of) this gem in JRuby and TruffleRuby as a default gem. #747
• Improve check to detect if a module has a #find_type method suitable for FFI. This fixes compatibility with stdlib mkmf . #776

Removed:

• Reject callback with :string return type at definition, because it didn't work so far and is not save to use. #751, #782

1.12.2 (from changelog)

• Fix possible segfault at FFI::Struct#[] and []= after GC.compact . #742

1.12.1 (from changelog)

Added:

• Add binary gem support for ruby-2.7 on Windows

1.12.0 (from changelog)

Added:

• FFI::VERSION is defined as part of require 'ffi' now. It is no longer necessary to require 'ffi/version' .

Changed:

• Update libffi to latest master.

Deprecated:

• Overwriting struct layouts is now warned and will be disallowed in ffi-2.0. #734, #735

1.11.3 (from changelog)

Removed:

• Remove support for tainted objects which cause deprecation warnings in ruby-2.7. #730

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.10.5 → 1.10.10) · Repo · Changelog

Security Advisories 🚨

🚨 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

Release Notes

1.10.10

1.10.10 / 2020-07-06

Features

• [MRI] Cross-built Windows gems now support Ruby 2.7 [#2029]. Note that prior to this release, the v1.11.x prereleases provided this support.

1.10.9

1.10.9 / 2020-03-01

Fixed

• [MRI] Raise an exception when Nokogiri detects a specific libxml2 edge case involving blank Schema nodes wrapped by Ruby objects that would cause a segfault. Currently no fix is available upstream, so we're preventing a dangerous operation and informing users to code around it if possible. [#1985, #2001]
• [JRuby] Change NodeSet#to_a to return a RubyArray instead of Object, for compilation under JRuby 9.2.9 and later. [#1968, #1969] (Thanks, @headius!)

1.10.8

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

1.10.7

1.10.7 / 2019-12-03

Bug

• [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]

1.10.6

1.10.6 / 2019-12-03

Bug

• [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 24 commits:

• version bump to v1.10.10
• update CHANGELOG for v1.10.10
• Merge branch '2029-windows-support-for-ruby-27-on-v110x' into v1.10.x
• Support fat binary gems for ruby-2.7
• ci: only manage the v1.10.x pipeline on this branch
• version bump to v1.10.9
• update CHANGELOG
• Change return type to RubyArray
• update CHANGELOG for #1985
• Work around a bug in libxml2
• version bump to v1.10.8
• update CHANGELOG for v1.10.8
• remove patches from the hoe Manifest
• update to use rake-compiler ~1.1.0
• backport libxml2 patch for CVE-2020-7595
• version bump to v1.10.7
• update CHANGELOG
• Fix the patch from #1953 to work with both `git` and `patch`
• Fix typo in generated metadata
• add gem metadata
• version bump to v1.10.6
• update CHANGELOG
• Add a patch to fix libxml2.la's path
• add security note to CHANGELOG

↗️ parallel (indirect, 1.19.0 → 1.20.0) · Repo

Commits

See the full diff on Github. The new version differs by 23 commits:

• v1.20.0
• Merge pull request #285 from grosser/grosser/break
• allow breaking with value
• Merge pull request #278 from grosser/grosser/ci
• remove cert
• fix errors
• bump rake to fix warnings
• bump rails
• bump ruby requirements
• bump AR
• fix ci
• v1.19.2
• Merge pull request #277 from grosser/grosser/timeout
• Allow timeout usage inside of threads
• simplify activerecord wording
• Merge pull request #272 from kakra/fixes/issue-150
• docs: Improve notes about ActiveRecord
• v1.19.1
• Merge pull request #271 from grosser/grosser/exc
• rescue core exceptions like rspec does
• Merge pull request #270 from orien/gem-metadata
• Documentation is the readme
• Add project metadata to the gemspec

↗️ typhoeus (indirect, 1.3.1 → 1.4.0) · Repo · Changelog

Release Notes

1.4.0 (from changelog)

Full Changelog

1 feature

• Faraday adapter exceptions namespace compatibility with Faraday v1 (@iMacTia in #616)

3 Others

• Yard warning fixes (@olleolleolle in #622)
• Add more Ruby versions in CI matrix (@olleolleolle in #623)
• Use of argument passed in function instead of attr_reader (@v-kolesnikov in #625)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 26 commits:

• Merge pull request #643 from ruslankhaertdinov/update_readme
• Update README
• Merge pull request #633 from tors/patch-1
• Test if the call is made when cache is not present. No new request is made when there’s a cache hit.
• Bump to v1.4.0
• Correct version
• Bump to v1.4.1
• Merge pull request #625 from v-kolesnikov/patch-1
• Fix using an argument in `EasyFactory#sanitize`
• Merge pull request #622 from olleolleolle/fix/yard-warnings
• Merge pull request #623 from olleolleolle/patch-1
• Fix YARD mis-annotation
• Avoid YARD warnings
• Use Request caching mechanism in Hydra
• CI: Extend and update matrix
• Merge pull request #636 from typhoeus/fix-master-build
• Expect correct error to be raised
• Merge pull request #635 from typhoeus/use-cache-key-for-rails-store
• Merge pull request #630 from codetriage-readme-bot/codetriage-badge
• Use Queue to avoid concurrency issues
• Use different platforms for older Rubies
• Call `Request#cache_key` to set the key for Rails cache store
• Add CodeTriage badge to typhoeus/typhoeus
• Update codeclimate maintainability badge
• Merge pull request #616 from iMacTia/patch-1
• Makes faraday adapter compatible with Faraday 1.0

↗️ yell (indirect, 2.2.0 → 2.2.2) · Repo

Sorry, we couldn't find anything useful about this release.

🆕 nokogumbo (added, 2.0.2)

---

👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

• Circle CI, Semaphore and Travis-CI are all excellent options.
• If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github.
• If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with depfu/.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[github-learning-lab]

I was expecting your file to be named _posts/0000-01-02-AnjaPrivat.md.

Let's edit this pull request to fix both of these issues.

⌨️ Activity: Fixing your pull request

1. Click the Files Changed tab in this pull request
2. Verify that the only file edited is named _posts/0000-01-02-AnjaPrivat.md.
3. If the file is improperly named, or not in a proper location, use the edit function to correct it.
4. Above the contents of the file, select all text in the field that contains the filename and delete it.
5. Continue pressing your backspace key to also delete any directory names that exist.
6. Type the proper filename:

   _posts/0000-01-02-AnjaPrivat.md

7. Scroll to the bottom and enter a commit message and commit in the Commit Changes section.

Note: Can't find the button to edit the file? It may look like a pencil, or it may look like three dots.

If you would like assistance troubleshooting the issue you are encountering, create a post on the GitHub Community board. You might also want to search for your issue to see if other people have resolved it in the past.

---

I'll respond below when I detect a commit on this branch.

[depfu]

Closed in favor of #19.