build(deps): bump the bundler group across 7 directories with 10 updates

[dependabot]

Bumps the bundler group with 2 updates in the /pkgs/tools/misc/t directory: addressable and oauth.
Bumps the bundler group with 1 update in the /pkgs/tools/misc/riemann-tools directory: json.
Bumps the bundler group with 2 updates in the /pkgs/tools/misc/polar directory: google-protobuf and nokogiri.
Bumps the bundler group with 2 updates in the /pkgs/tools/misc/html-proofer directory: addressable and nokogiri.
Bumps the bundler group with 4 updates in the /pkgs/tools/misc/fluentd directory: google-protobuf, fluentd, aws-sdk-s3 and webrick.
Bumps the bundler group with 1 update in the /pkgs/tools/audio/mpdcron directory: nokogiri.
Bumps the bundler group with 1 update in the /pkgs/tools/admin/oxidized directory: json.

Updates addressable from 2.6.0 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates oauth from 0.5.4 to 0.5.5

Release notes

Sourced from oauth's releases.

Version 0.5.5

Fixed security issue and cleaned up codebase.

Changelog

Sourced from oauth's changelog.

[0.5.5] 2020-01-19

• TAG: [v0.5.5][0.5.5t]

Added

• Add :allow_empty_params option (#155)

Changed

• Allow redirect to different host but same path
• Various cleanups

Fixed

• Fixes ssl-noverify
• Fixed README example (#158, #159, by @​pboling)

Commits

• d453cee Update HISTORY
• 9919f7f Merge pull request #153 from moneybird/master
• 952cea5 Update HISTORY
• b5d8055 Merge pull request #155 from shotgunsoftware/master
• 6385e03 Merge pull request #171 from galois17/feature-add-examples
• 048c121 Merge pull request #170 from galois17/feature-update-history-0.5.5
• 783e34d Add another example
• 7442595 Update history for 0.5.5 release
• 93602bc Merge pull request #168 from galois17/fix-ssl-noverify
• 87064ce Merge branch 'fix-mocha-version' of github.com:galois17/oauth-ruby into fix-s...
• Additional commits viewable in compare view

Updates json from 1.8.6 to 2.3.0

Release notes

Sourced from json's releases.

v2.3.0

What's Changed

• README: Docs at rubydoc.info, not on rubyforge by @​olleolleolle in flori/json#376
• Remove RubyForge homepage reference by @​olleolleolle in flori/json#378
• Add ascii_only option to JSON::Ext::Generator::State.new. by @​sho-h in flori/json#367
• Gemspec: Drop EOL'd property rubyforge_project by @​olleolleolle in flori/json#381
• Backport ruby core changes by @​hsbt in flori/json#388
• Minor cleanup for ruby 2.7 warnings and failures. by @​zenspider in flori/json#389
• relax test-unit version for old ruby by @​hsbt in flori/json#390
• Bump versions for 2.3.0. by @​headius in flori/json#391

New Contributors

• @​zenspider made their first contribution in flori/json#389

Full Changelog: ruby/json@v2.2.0...v2.3.0

v2.2.0

What's Changed

• Fixed json_create example to use create_additions = true by @​perlun in flori/json#331
• README: Fixed code examples to start in the left-most column by @​perlun in flori/json#330
• Added missing bigdecimal for its test by @​hsbt in flori/json#335
• README: Added note about json/add/exception by @​perlun in flori/json#332
• fix link in travis widget by @​lostapathy in flori/json#340
• [CI] Test against Ruby 2.5 by @​nicolasleger in flori/json#352
• Removed control characters from gemspec. by @​hsbt in flori/json#360
• Fix typos in README.md by @​yui-knk in flori/json#363
• Backport from Ruby core repository by @​hsbt in flori/json#359
• Fix for bigdecimal updates by @​mrkn in flori/json#362
• Fix a typo. by @​sho-h in flori/json#369
• fix JSON::Generator::State#ascii_only? document same as lib/json/pure/generator.rb. by @​sho-h in flori/json#366

New Contributors

• @​lostapathy made their first contribution in flori/json#340
• @​nicolasleger made their first contribution in flori/json#352
• @​yui-knk made their first contribution in flori/json#363

Full Changelog: ruby/json@v2.1.0...v2.2.0

v2.1.0

What's Changed

• README.md typo fix by @​kaworu in flori/json#300
• Correct documentation of OpenStruct.json_create by @​kyanagi in flori/json#301
• No Bignum by @​nobu in flori/json#302
• CHANGES.md: Fixed typo by @​perlun in flori/json#306
• Actually test BigDecimal parsing. by @​xb in flori/json#321
• Back-out change of directory of json-java.gemspec. by @​xb in flori/json#323

New Contributors

• @​kaworu made their first contribution in flori/json#300
• @​kyanagi made their first contribution in flori/json#301

... (truncated)

Changelog

Sourced from json's changelog.

2019-12-11 (2.3.0)

• Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
• Fix passing args all #to_json in json/add/*.
• Fix encoding issues
• Fix issues of keyword vs positional parameter
• Fix JSON::Parser against bigdecimal updates
• Bug fixes to JRuby port

2019-02-21 (2.2.0)

• Adds support for 2.6 BigDecimal and ruby standard library Set datetype.

2017-04-18 (2.1.0)

• Allow passing of decimal_class option to specify a class as which to parse JSON float numbers.

2017-03-23 (2.0.4)

• Raise exception for incomplete unicode surrogates/character escape sequences. This problem was reported by Daniel Gollahon (dgollahon).
• Fix arbitrary heap exposure problem. This problem was reported by Ahmad Sherif (ahmadsherif).

2017-01-12 (2.0.3)

• Set required_ruby_version to 1.9
• Some small fixes

2016-07-26 (2.0.2)

• Specify required_ruby_version for json_pure.
• Fix issue #295 failure when parsing frozen strings.

2016-07-01 (2.0.1)

• Fix problem when requiring json_pure and Parser constant was defined top level.
• Add RB_GC_GUARD to avoid possible GC problem via Pete Johns.
• Store current_nesting on stack by Aaron Patterson.

2015-09-11 (2.0.0)

• Now complies to newest JSON RFC 7159.
• Implements compatibility to ruby 2.4 integer unification.
• Removed support for quirks_mode option.
• Drops support for old rubies whose life has ended, that is rubies < 2.0. Also see https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
• There were still some mentions of dual GPL licensing in the source, but JSON has just the Ruby license that itself includes an explicit dual-licensing clause that allows covered software to be distributed under the terms of the Simplified BSD License instead for all ruby versions >= 1.9.3. This is however a GPL compatible license according to the Free Software Foundation. I changed these mentions to be consistent with the Ruby license setting in the gemspec files which were already correct now.

Commits

• 92cf5c4 v2.3.0
• 579ae85 Add some more recent jruby
• acabfeb Make tests green on jruby
• c194360 Update travis config
• 49317c1 Ignore log files
• d84439f Merge pull request #391 from headius/prep_2.3.0
• 38f68d1 Bump versions for 2.3.0.
• 40524a9 Merge pull request #390 from flori/relax-test-unit
• 87379e6 relax test-unit version for old ruby
• 05de02f Merge branch 'zenspider-zenspider/ruby-2.7'
• Additional commits viewable in compare view

Updates google-protobuf from 3.15.6 to 3.25.5

Release notes

Sourced from google-protobuf's releases.

Protocol Buffers v3.20.3

Java

• Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.
• Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.
• Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.
• Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.
• Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
• This release addresses a Security Advisory for Java users

Protocol Buffers v3.20.2

C++

• Reduce memory consumption of MessageSet parsing
• This release addresses a Security Advisory for C++ and Python users

Protocol Buffers v3.19.6

Java

• Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.
• Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.
• Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.
• Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.
• Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
• This release addresses a Security Advisory for Java users

Protocol Buffers v3.19.5

C++

• Reduce memory consumption of MessageSet parsing
• This release addresses a Security Advisory for C++ and Python users

Protocol Buffers v3.18.3

C++

• Reduce memory consumption of MessageSet parsing
• This release addresses a Security Advisory for C++ and Python users

Protobuf Release v3.16.3

Java

• Refactoring java full runtime to reuse sub-message builders and prepare to

... (truncated)

Commits

• 70e85ae Updating version.json and repo version numbers to: 25.5-dev
• 489aba5 Merge pull request #15984 from mkruskal-google/staleness-fix-25
• 367c7be Regen stale files
• bbbd2de Updating version.json and repo version numbers to: 25.4-dev
• fc222b9 Updating version.json and repo version numbers to: 25.3-dev
• 6ac0447 Updating version.json and repo version numbers to: 25.2-dev
• 7f94235 Updating version.json and repo version numbers to: 25.1
• e4b00c7 Add support for extensions in CRuby, JRuby, and FFI Ruby (#14703) (#14756)
• 2495d4f Add support for options in CRuby, JRuby and FFI (#14594) (#14739)
• 6b5d8db Updating version.json and repo version numbers to: 25.0
• Additional commits viewable in compare view

Updates nokogiri from 1.11.2 to 1.18.9

Release notes

Sourced from nokogiri's releases.

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

5bcfdf7aa8d1056a7ad5e52e1adffc64ef53d12d0724fbc6f458a3af1a4b9e32  nokogiri-1.18.9-aarch64-linux-gnu.gem
55e9e6ca46c4ad1715e313f407d8481d15be1e3b65d9f8e52ba1c124d01676a7  nokogiri-1.18.9-aarch64-linux-musl.gem
eea3f1f06463ff6309d3ff5b88033c4948d0da1ab3cc0a3a24f63c4d4a763979  nokogiri-1.18.9-arm64-darwin.gem
fe611ae65880e445a9c0f650d52327db239f3488626df4173c05beafd161d46e  nokogiri-1.18.9-arm-linux-gnu.gem
935605e14c0ba17da18d203922440bf6c0676c602659278d855d4622d756a324  nokogiri-1.18.9-arm-linux-musl.gem
ac5a7d93fd0e3cef388800b037407890882413feccca79eb0272a2715a82fa33  nokogiri-1.18.9.gem
1fe5b7aa4a054eda689a969bb4e03999960a6ea806582d327207d687168bceb5  nokogiri-1.18.9-java.gem
6b4fc1523aa0370c78653e38c94cb50e7f3ab786425de66ba7ad24222c1164a3  nokogiri-1.18.9-x64-mingw-ucrt.gem
e0d2deb03d3d7af8016e8c9df5ff4a7d692159cefb135cbb6a4109f265652348  nokogiri-1.18.9-x86_64-darwin.gem
b52f5defedc53d14f71eeaaf990da66b077e1918a2e13088b6a96d0230f44360  nokogiri-1.18.9-x86_64-linux-gnu.gem
e69359d6240c17e64cc9f43970d54f13bfc7b8cc516b819228f687e953425e69  nokogiri-1.18.9-x86_64-linux-musl.gem

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

36badd2eb281fca6214a5188e24a34399b15d89730639a068d12931e2adc210e  nokogiri-1.18.8-aarch64-linux-gnu.gem
664e0f9a77a7122a66d6c03abba7641ca610769a4728db55ee1706a0838b78a2  nokogiri-1.18.8-aarch64-linux-musl.gem
483b5b9fb33653f6f05cbe00d09ea315f268f0e707cfc809aa39b62993008212  nokogiri-1.18.8-arm64-darwin.gem
17de01ca3adf9f8e187883ed73c672344d3dbb3c260f88ffa1008e8dc255a28e  nokogiri-1.18.8-arm-linux-gnu.gem
6e6d7e71fc39572bd613a82d528cf54392c3de1ba5ce974f05c832b8187a040b  nokogiri-1.18.8-arm-linux-musl.gem
8c7464875d9ca7f71080c24c0db7bcaa3940e8be3c6fc4bcebccf8b9a0016365  nokogiri-1.18.8.gem
41002596960ff854198a20aaeb34cff0d445406d5ad85ba7ca9c3fd0c8f03de0  nokogiri-1.18.8-java.gem
11ab0f76772c5f2d718fb253fca5b74c6ef7628b72bbf8deba6ab1ffc93344cf  nokogiri-1.18.8-x64-mingw-ucrt.gem
024cdfe7d9ae3466bba6c06f348fb2a8395d9426b66a3c82f1961b907945cc0c  nokogiri-1.18.8-x86_64-darwin.gem
4a747875db873d18a2985ee2c320a6070c4a414ad629da625fbc58d1a20e5ecc  nokogiri-1.18.8-x86_64-linux-gnu.gem
ddd735fba49475a395b9ea793bb6474e3a3125b89960339604d08a5397de1165  nokogiri-1.18.8-x86_64-linux-musl.gem

v1.18.7 / 2025-03-31

Dependencies

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

v1.18.7 / 2025-03-31

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

• [JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @​flavorjones

v1.18.5 / 2025-03-19

Fixed

• [JRuby] Update JRuby's XML serialization so it outputs namespaces exactly like CRuby. (#3455, #3456) @​johnnyshields

v1.18.4 / 2025-03-14

Security

• [CRuby] Vendored libxslt is updated to v1.1.43 to address CVE-2025-24855 and CVE-2024-55549. See GHSA-mrxw-mxhj-p664 for more information.

v1.18.3 / 2025-02-18

Security

• [CRuby] Vendored libxml2 is updated v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m for more information.

v1.18.2 / 2024-01-19

... (truncated)

Commits

• 1dcd8ce version bump to v1.18.9
• a05d2b4 Apply upstream patches to address multiple vulnerabilities (#3526)
• 947a55e Apply upstream patches to address multiple vulnerabilities
• 9187f4a version bump to v1.18.8
• 1deea04 dep: libxml2 to v2.13.8 (branch v1.18.x) (#3509)
• 6457fe6 dep: libxml2 to v2.13.8
• 13e8aa4 version bump to v1.18.7
• 605699d dep: bump libxml2 to 2.13.7 (v1.18.x backport) (#3495)
• 804e590 dep: bump libxml2 to 2.13.7
• 52bf15b dep(dev): drop Rubocop from JRuby deps
• Additional commits viewable in compare view

Updates addressable from 2.7.0 to 2.8.0

Changelog

Sourced from addressable's changelog.

Addressable 2.8.0

• fixes ReDoS vulnerability in Addressable::Template#match
• no longer replaces + with spaces in queries for non-http(s) schemes
• fixed encoding ipv6 literals
• the :compacted flag for normalized_query now dedupes parameters
• fix broken escape_component alias
• dropping support for Ruby 2.0 and 2.1
• adding Ruby 3.0 compatibility for development tasks
• drop support for rack-mount and remove Addressable::Template#generate
• performance improvements
• switch CI/CD to GitHub Actions

Addressable 2.7.0

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Commits

• 6469a23 Updating gemspec again
• 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
• e9c76b8 Merge pull request #378 from ashmaroli/flat-map
• 56c5cf7 Update the gemspec
• c1fed1c Require a non-vulnerable rake
• 0d8a312 Adding note about ReDoS vulnerability
• 89c7613 Merge branch 'template-regexp' into main
• cf8884f Note about alias fix
• bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
• 6d1d809 Adding note about :compacted normalization
• Additional commits viewable in compare view

Updates nokogiri from 1.11.1 to 1.18.9

Release notes

Sourced from nokogiri's releases.

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

5bcfdf7aa8d1056a7ad5e52e1adffc64ef53d12d0724fbc6f458a3af1a4b9e32  nokogiri-1.18.9-aarch64-linux-gnu.gem
55e9e6ca46c4ad1715e313f407d8481d15be1e3b65d9f8e52ba1c124d01676a7  nokogiri-1.18.9-aarch64-linux-musl.gem
eea3f1f06463ff6309d3ff5b88033c4948d0da1ab3cc0a3a24f63c4d4a763979  nokogiri-1.18.9-arm64-darwin.gem
fe611ae65880e445a9c0f650d52327db239f3488626df4173c05beafd161d46e  nokogiri-1.18.9-arm-linux-gnu.gem
935605e14c0ba17da18d203922440bf6c0676c602659278d855d4622d756a324  nokogiri-1.18.9-arm-linux-musl.gem
ac5a7d93fd0e3cef388800b037407890882413feccca79eb0272a2715a82fa33  nokogiri-1.18.9.gem
1fe5b7aa4a054eda689a969bb4e03999960a6ea806582d327207d687168bceb5  nokogiri-1.18.9-java.gem
6b4fc1523aa0370c78653e38c94cb50e7f3ab786425de66ba7ad24222c1164a3  nokogiri-1.18.9-x64-mingw-ucrt.gem
e0d2deb03d3d7af8016e8c9df5ff4a7d692159cefb135cbb6a4109f265652348  nokogiri-1.18.9-x86_64-darwin.gem
b52f5defedc53d14f71eeaaf990da66b077e1918a2e13088b6a96d0230f44360  nokogiri-1.18.9-x86_64-linux-gnu.gem
e69359d6240c17e64cc9f43970d54f13bfc7b8cc516b819228f687e953425e69  nokogiri-1.18.9-x86_64-linux-musl.gem

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

36badd2eb281fca6214a5188e24a34399b15d89730639a068d12931e2adc210e  nokogiri-1.18.8-aarch64-linux-gnu.gem
664e0f9a77a7122a66d6c03abba7641ca610769a4728db55ee1706a0838b78a2  nokogiri-1.18.8-aarch64-linux-musl.gem
483b5b9fb33653f6f05cbe00d09ea315f268f0e707cfc809aa39b62993008212  nokogiri-1.18.8-arm64-darwin.gem
17de01ca3adf9f8e187883ed73c672344d3dbb3c260f88ffa1008e8dc255a28e  nokogiri-1.18.8-arm-linux-gnu.gem
6e6d7e71fc39572bd613a82d528cf54392c3de1ba5ce974f05c832b8187a040b  nokogiri-1.18.8-arm-linux-musl.gem
8c7464875d9ca7f71080c24c0db7bcaa3940e8be3c6fc4bcebccf8b9a0016365  nokogiri-1.18.8.gem
41002596960ff854198a20aaeb34cff0d445406d5ad85ba7ca9c3fd0c8f03de0  nokogiri-1.18.8-java.gem
11ab0f76772c5f2d718fb253fca5b74c6ef7628b72bbf8deba6ab1ffc93344cf  nokogiri-1.18.8-x64-mingw-ucrt.gem
024cdfe7d9ae3466bba6c06f348fb2a8395d9426b66a3c82f1961b907945cc0c  nokogiri-1.18.8-x86_64-darwin.gem
4a747875db873d18a2985ee2c320a6070c4a414ad629da625fbc58d1a20e5ecc  nokogiri-1.18.8-x86_64-linux-gnu.gem
ddd735fba49475a395b9ea793bb6474e3a3125b89960339604d08a5397de1165  nokogiri-1.18.8-x86_64-linux-musl.gem

v1.18.7 / 2025-03-31

Dependencies

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

v1.18.7 / 2025-03-31

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

• [JRuby] In HTML documents, Node#attribute now returns the correct attribute. This has been broken, and returning nil, since v1.17.0. (#3487) @​flavorjones

v1.18.5 / 2025-03-19

Fixed

• [JRuby] Update JRuby's XML serialization so it outputs namespaces exactly like CRuby. (#3455, #3456) @​johnnyshields

v1.18.4 / 2025-03-14

Security

• [CRuby] Vendored libxslt is updated to v1.1.43 to address CVE-2025-24855 and CVE-2024-55549. See GHSA-mrxw-mxhj-p664 for more information.

v1.18.3 / 2025-02-18

Security

• [CRuby] Vendored libxml2 is updated v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m for more information.

v1.18.2 / 2024-01-19

... (truncated)

Commits

• 1dcd8ce version bump to v1.18.9
• a05d2b4 Apply upstream patches to address multiple vulnerabilities (#3526)
• 947a55e Apply upstream patches to address multiple vulnerabilities
• 9187f4a version bump to v1.18.8
• 1deea04 dep: libxml2 to v2.13.8 (branch v1.18.x) (#3509)
• 6457fe6 dep: libxml2 to v2.13.8
• 13e8aa4 version bump to v1.18.7
• 605699d dep: bump libxml2 to 2.13.7 (v1.18.x backport) (#3495)
• 804e590 dep: bump libxml2 to 2.13.7
• 52bf15b dep(dev): drop Rubocop from JRuby deps
• Additional commits viewable in compare view

Updates google-protobuf from 3.19.1 to 3.25.5

Release notes

Sourced from google-protobuf's releases.

Protocol Buffers v3.20.3

Java

• Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.
• Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.
• Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.
• Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.
• Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
• This release addresses a Security Advisory for Java users

Protocol Buffers v3.20.2

C++

• Reduce memory consumption of MessageSet parsing
• This release addresses a Security Advisory for C++ and Python users

Protocol Buffers v3.19.6

Java

• Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder.
• Move proto wireformat parsing functionality from the private "parsing constructor" to the Builder class.
• Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations.
• Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance.
• Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
• This release addresses a Security Advisory for Java users

Protocol Buffers v3.19.5

C++

• Reduce memory consumption of MessageSet parsing
• This release addresses a Security Advisory for C++ and Python users

Protocol Buffers v3.18.3

C++

• Reduce memory consumption of MessageSet parsing
• This release addresses a Security Advisory for C++ and Python users

Protobuf Release v3.16.3

Java

• Refactoring java full runtime to reuse sub-message builders and prepare to

... (truncated)

Commits

• 70e85ae Updating version.json and repo version numbers to: 25.5-dev
• 489aba5 Merge pull request #15984 from mkruskal-google/staleness-fix-25
• 367c7be Regen stale files
• bbbd2de Updating version.json and repo version numbers to: 25.4-dev
• fc222b9 Updating version.json and repo version numbers to: 25.3-dev
• 6ac0447 Updating version.json and repo version numbers to: 25.2-dev
• 7f94235 Updating version.json and repo version numbers to: 25.1
• e4b00c7 Add support for extensions in CRuby, JRuby, and FFI Ruby (#14703) (#14756)
• 2495d4f Add support for options in CRuby, JRuby and FFI (#14594) (#14739)
• 6b5d8db Updating version.json and repo version numbers to: 25.0
• Additional commits viewable in compare view

Updates fluentd from 1.14.3 to 1.15.3

Release notes

Sourced from fluentd's releases.

Fluentd v1.15.3

Bug Fix

• #3917 Support glob for !include directive in YAML config format
• #3929 Remove meaningless oj options
• #3939 Fix log initializer to correctly create per-process files on Windows
• #3942 out_file: Fix the multi-worker check with <worker 0-N> directive

Misc

• #3883 #3922 Fix broken tests on Ruby 3.2

Contributors to this release (Alphabetical order)

• Fujimoto Seiji
• Takuro Ashie

Fluentd v1.15.2

Enhancement

• #3857 Add a new system configuration enable_jit

Bug Fix

• #3864 out_file: Fix append mode with --daemon flag
• #3844 child_process: Plug file descriptor leak

Misc

• #3849 #3866 Drop win32-api gem to support Ruby 3.2

Contributors to this release (Alphabetical order)

• Fujimoto Seiji
• Takuro Ashie

Fluentd v1.15.1

Bug Fix

• #3808 Add support for concurrent append in out_file

Misc

• #3829 in_tail: Show more information on skipping update_watcher

Contributors to this release (Alphabetical order)

• Fujimoto Seiji
• Takuro Ashie

... (truncated)

Changelog

Sourced from fluentd's changelog.

Release v1.15.3 - 2022/11/02

Bug Fix

• Support glob for !include directive in YAML config format fluent/fluentd#3917
• Remove meaningless oj options fluent/fluentd#3929
• Fix log initializer to correctly create per-process files on Windows fluent/fluentd#3939
• out_file: Fix the multi-worker check with <worker 0-N> directive fluent/fluentd#3942

Misc

• Fix broken tests on Ruby 3.2 fluent/fluentd#3883 fluent/fluentd#3922

Release v1.15.2 - 2022/08/22

Enhancement

• Add a new system configuration enable_jit fluent/fluentd#3857

Bug Fix

• out_file: Fix append mode with --daemon flag fluent/fluentd#3864
• child_process: Plug file descriptor leak fluent/fluentd#3844

Misc

• Drop win32-api gem to support Ruby 3.2 fluent/fluentd#3849 fluent/fluentd#3866

Release v1.15.1 - 2022/07/27

Bug Fix

• Add support for concurrent append in out_file fluent/fluentd#3808

Misc

• in_tail: Show more information on skipping update_watcher fluent/fluentd#3829

... (truncated)

Commits

• e89092c v1.15.3
• 5e2ef51 Merge pull request #3942 from fujimotos/sf/out-file-worker-0-N
• a777183 Merge pull request #3939 from fujimotos/sf/win32-logrotate
• 6263f74 out_file: Avoid performing multi-worker check in configure()
• 8b615ea Fix "unable to rotate log files on Windows" bug
• a3b1cda Merge pull request #3929 from fluent/remove-meaningless-oj-options
• 3c417bb Remove FLUENT_OJ_OPTION_MAX_NESTING
• 48e5b85 Remove object from the available list of FLUENT_OJ_OPTION_MODE
• 5c41401 Merge pull request #3922 from fluent/fix-test-failure-on-ruby-3.2
• 386ebf2 Fix a test failure on ruby 3.2.0dev (2022-10-20)
• Additional commits viewable in compare view

Updates aws-sdk-s3 from 1.109.0 to 1.208.0

Changelog

Sourced from aws-sdk-s3's changelog.

1.208.0 (2025-12-16)

• Feature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.

1.207.0 (2025-12-15)

• Feature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.

1.206.0 (2025-12-02)

• Feature - New S3 Storage Class FSX_ONTAP

1.205.0 (2025-11-20)

• Feature - Enable / Disable ABAC on a general purpose bucket.

1.204.0 (2025-11-19)

• Feature - Adds support for blocking SSE-C writes to general purpose buckets.

1.203.1 (2025-11-10)

• Issue - Deprecated :checksum_mode parameter in FileDownloader#download. When set to "DISABLED", a deprecation warning is issued and the parameter is ignored. Use :response_checksum_validation on the S3 client instead to control checksum validation behavior.

1.203.0 (2025-11-05)

• Feature - Launch IPv6 dual-stack support for S3 Express

1.202.0 (2025-10-28)

• Feature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.

1.201.0 (2025-10-21)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

• Issue - Fix multipart upload to respect request_checksum_calculation when_required mode.

1.200.0 (2025-10-15)

... (truncated)

Commits

• See full diff in compare view

Updates jmespath from 1.4.0 to 1.6.2

Release notes

Sourced from jmespath's releases.

Release v1.6.2 - 2022-11-25

• Issue - Allow comparison of Numeric types (includes Float).

• Issue - Add jmespath.rb to gemspec executables.

Release v1.6.1 - 2022-03-07

• Issue - Use JSON.parse instead of JSON.load.

Release v1.6.0 - 2022-02-14

• Feature - Add support for string comparissons.

Release v1.5.0 - 2022-01-10

• Support implicitly convertible objects/duck-type values responding to to_hash and to_ary.

  [See related GitHub pull request #51](jmespath/jmespath.rb#51).

Changelog

Sourced from jmespath's changelog.

1.6.2 (2022-11-25)

• Issue - Allow comparison of Numeric types (includes Float).

• Issue - Add jmespath.rb to gemspec executables.

1.6.1 (2022-03-07)

• Issue - Use JSON.parse instead of JSON.load.

1.6.0 (2022-02-14)

• Feature - Add support for string comparisons.

1.5.0 (2022-01-10)

• Support implicitly convertible objects/duck-type values responding to to_hash and to_ary.

  [See related GitHub pull request #51](jmespath/jmespath.rb#51).

Commits

• 8336859 Bump changelog and version
• 9c7d316 Merge pull request #57 from mtichner/patch-1
• 90ab191 Merge branch 'main' into patch-1
• a085656 Merge pull request #48 from mvastola/master
• a700772 Update syntax and add changelog entry
• 1b91b71 Merge branch 'main' into master
• c27c82d Add numeric as a comparable type
• 57d77ea Update lib/jmespath/nodes/condition.rb
• fbb7ff4 nit
• a78135f use numerics
• Additional commits viewable in compare view

Updates webrick from 1.7.0 to 1.8.2

Release notes

Sourced from webrick's releases.

v1.8.2

What's Changed...

Description has been truncated