build(deps): bump the bundler group across 14 directories with 14 updates

[dependabot]

Bumps the bundler group with 4 updates in the /pkgs/applications/office/ledger-web directory: activerecord, rack, rack-session and sinatra.
Bumps the bundler group with 3 updates in the /pkgs/applications/version-management/danger-gitlab directory: faraday, httparty and rexml.
Bumps the bundler group with 1 update in the /pkgs/by-name/ba/bashly directory: rexml.
Bumps the bundler group with 2 updates in the /pkgs/by-name/ce/cewl directory: rexml and nokogiri.
Bumps the bundler group with 2 updates in the /pkgs/by-name/cf/cfn-nag directory: rexml and aws-sdk-s3.
Bumps the bundler group with 1 update in the /pkgs/by-name/co/coltrane directory: activesupport.
Bumps the bundler group with 1 update in the /pkgs/by-name/do/doing directory: rexml.
Bumps the bundler group with 1 update in the /pkgs/by-name/ev/evil-winrm directory: rexml.
Bumps the bundler group with 1 update in the /pkgs/by-name/fu/fusuma directory: rexml.
Bumps the bundler group with 5 updates in the /pkgs/by-name/go/gollum directory:

Package	From	To
rack	3.1.8	3.1.20
rack-session	2.1.0	2.1.1
sinatra	4.1.1	4.2.0
rexml	3.4.0	3.4.2
nokogiri	1.18.1	1.19.1

Bumps the bundler group with 3 updates in the /pkgs/by-name/li/licensed directory: rack, faraday and nokogiri.
Bumps the bundler group with 1 update in the /pkgs/by-name/mp/mpdcron directory: nokogiri.
Bumps the bundler group with 1 update in the /pkgs/by-name/ov/overcommit directory: rexml.
Bumps the bundler group with 5 updates in the /pkgs/by-name/pg/pghero directory:

Package	From	To
rack	2.2.10	2.2.22
faraday	1.10.4	1.10.5
nokogiri	1.16.7	1.19.1
net-imap	0.5.0	0.5.7
rails-html-sanitizer	1.6.0	1.6.1

Updates activerecord from 8.0.2 to 8.0.2.1

Release notes

Sourced from activerecord's releases.

8.0.2.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• Call inspect on ids in RecordNotFound error

  [CVE-2025-55193]

  Gannon McGibbon, John Hawthorn

Action View

• No changes.

Action Pack

• No changes.

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

Remove dangerous transformations
[CVE-2025-24293]

... (truncated)

Commits

• b0c813b Preparing for 8.0.2.1 release
• a6d50ae Update CHANGELOGs
• 568c0bc Call inspect on ids in RecordNotFound error
• See full diff in compare view

Updates rack from 3.1.12 to 3.1.20

Changelog

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

Security

• CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
• CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
• CVE-2026-25500 XSS injection via malicious filename in Rack::Directory.
• CVE-2026-22860 Directory traversal via root prefix bypass in Rack::Directory.

SPEC Changes

• Define rack.response_finished callback arguments more strictly. (#2365, @​skipkayhil)

Added

• Add Rack::Files#assign_headers to allow overriding how the configured file headers are set. (#2377, @​codergeek121)
• Add support for rack.response_finished to Rack::TempfileReaper. (#2363, @​skipkayhil)
• Add support for streaming bodies when using Rack::Events. (#2375, @​unflxw)
• Add deflaters option to Rack::Deflater to enable custom compression algorithms like zstd. (#2168, @​alexanderadam)
• Add Rack::Request#prefetch? for identifying requests with Sec-Purpose: prefetch header set. (#2405, @​glaszig)
• Add rack.request.trusted_proxy environment key to indicate whether the request is coming from a trusted proxy.

Changed

• Raise before exceeding a part limit, not after. (#2362, @​matthew-puku)
• Rack::Deflater now uses a fixed GZip mtime value. (#2372, @​bensheldon)
• Multipart parser drops support for RFC 2231 filename* parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (#2398, @​wtn)
• The query parser now raises Rack::QueryParser::IncompatibleEncodingError if we try to parse params that are not ASCII compatible. (#2416, @​bquorning)

Fixed

• Multipart parser: limit MIME header size check to the unread buffer region to avoid false multipart mime part header too large errors when previously read data accumulates in the scan buffer. (#2392, @​alpaca-tc, @​willnet, @​krororo)
• Fix Rack::MockResponse#body when the body is a Proc. (#2420, #2423, @​tavianator, [@​ioquatix])

[3.2.4] - 2025-11-03

Fixed

• Multipart parser: limit MIME header size check to the unread buffer region to avoid false multipart mime part header too large errors when previously read data accumulates in the scan buffer. (#2392, @​alpaca-tc, @​willnet, @​krororo)

[3.2.3] - 2025-10-10

Security

• CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
• CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.

... (truncated)

Commits

• 6504434 Bump patch version.
• 48e9030 Prevent directory traversal via root prefix bypass.
• ed0f455 XSS injection via malicious filename in Rack::Directory.
• b29df31 Bump patch version.
• 72719a8 Allow Multipart head to span read boundary. (#2392)
• 96cf078 Bump patch version.
• cbd541e Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
• 7e69f65 Improper handling of proxy headers in Rack::Sendfile may allow proxy bypass.
• db6bc0f Normalize adivsories links.
• ad81f80 Fix handling of Errno::EPIPE in multipart tests.
• Additional commits viewable in compare view

Updates rack-session from 2.1.0 to 2.1.1

Release notes

Sourced from rack-session's releases.

v2.1.1

Full Changelog: rack/rack-session@v2.1.0...v2.1.1

Changelog

Sourced from rack-session's changelog.

v2.1.1

• Prevent Rack::Session::Pool from recreating deleted sessions CVE-2025-46336.

Commits

• 96663ec Bump patch version.
• c58ad79 Don't allow session to be recreated accidentally.
• See full diff in compare view

Updates sinatra from 4.1.1 to 4.2.0

Changelog

Sourced from sinatra's changelog.

4.2.0 / 2025-10-08

• New: Add :static_headers setting for custom headers in static file responses (#2089)
• Fix: Fix regex in etag_matches? to prevent ReDoS (#2121)
• Fix: PATH_INFO can never be empty (#2114)
• Fix: Fix malformed Content-Type headers (#2081)
• Fix: Avoid crash for integer values in content_type parameters (#2078)

Commits

• f2ad45f 4.2.0 release (#2122)
• 3fe8c38 Fix regex in etag_matches? to prevent ReDoS (#2121)
• fa99a21 PATH_INFO can never be empty. (#2114)
• ea0d3fa Skip broken tests. (#2115)
• 5e15985 Sync changelog for v4.0.1
• 91cfb54 Add :static_headers setting for custom headers in static file responses (#2089)
• c918134 Set rubygems_mfa_required for the sinatra gem (#2087)
• ac3ff23 README: Remove duplicate mention of installing puma (#2091)
• cfcc70d CI: don't use Rack::Lint on invalid hostname (#2086)
• c235249 CI: Test with Ruby 3.4 (#2083)
• Additional commits viewable in compare view

Updates uri from 1.0.3 to 1.1.1

Release notes

Sourced from uri's releases.

v1.1.1

What's Changed

• Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP by @​osyoyu in ruby/uri#189

New Contributors

• @​osyoyu made their first contribution in ruby/uri#189

Full Changelog: ruby/uri@v1.1.0...v1.1.1

v1.1.0

What's Changed

• Update to use the latest version of setup-ruby and bump up to Ruby 3.4 by @​hsbt in ruby/uri#158
• Fix the mention to removed URI.escape/URI::Escape by @​y-yagi in ruby/uri#146
• Use a fully qualified name in warning messages by @​y-yagi in ruby/uri#150
• Support Ractor#value by @​hsbt in ruby/uri#163
• Removed unnecessary workaround by @​hsbt in ruby/uri#164
• Escape reserved characters in scheme name by @​nobu in ruby/uri#148
• [DOC] State that uri library is needed to call Kernel#URI by @​nobu in ruby/uri#167
• Prefer dedicated assertion methods by @​nobu in ruby/uri#169
• Fix the message for unexpected argument by @​nobu in ruby/uri#171
• Make URI::regexp schemes case sensitive (#38) by @​nobu in ruby/uri#170
• The local part should not contain leading or trailing dots in the EMAIL_REGEXP by @​nlevchuk in ruby/uri#124
• More checks in EMAIL_REGEXP by @​nobu in ruby/uri#172
• Do not allow empty host names, as they are not allowed by RFC 3986 by @​jeremyevans in ruby/uri#116
• Improve performance of URI::MailTo::EMAIL_REGEXP by @​nobu in ruby/uri#173
• Performance test stability by @​nobu in ruby/uri#174
• Update documents that used URI::Parser by @​nobu in ruby/uri#175
• Add a workflow to sync commits to ruby/ruby by @​k0kubun in ruby/uri#183
• Add irb to the Gemfile to fix the warning by @​y-yagi in ruby/uri#182
• Replace reference to the obsolete URI.escape with URI::RFC2396_PARSER.escape by @​vivshaw in ruby/uri#166
• Switch a parsing behavior completely when switching a parser by @​y-yagi in ruby/uri#161
• improve error message by @​soda92 in ruby/uri#130
• Use generic version number to VERSION by @​hsbt in ruby/uri#187

New Contributors

• @​y-yagi made their first contribution in ruby/uri#146
• @​nlevchuk made their first contribution in ruby/uri#124
• @​vivshaw made their first contribution in ruby/uri#166
• @​soda92 made their first contribution in ruby/uri#130

Full Changelog: ruby/uri@v1.0.4...v1.1.0

v1.0.4

Security fixes

• CVE-2025-61594

... (truncated)

Commits

• f1b05c8 v1.1.1
• 8557e8d Merge pull request #189 from osyoyu/restore-whatwg-email-regexp
• c551d70 Re-allow consecutive, leading and trailing dots in EMAIL_REGEXP
• c41903b v1.1.0
• b433f34 Merge pull request #187 from ruby/switch-version-code
• 1fc4f04 Use generic version number to VERSION and generate VERSION_CODE from that
• e830680 Exclude dependabot updates from release note
• 70d245f Merge pull request #130 from soda92/improve-error-message
• d629c8c Merge pull request #161 from y-yagi/fix_changing_parser
• fec6733 Merge pull request #166 from vivshaw/vivshaw/correct-obsolete-parse
• Additional commits viewable in compare view

Updates faraday from 1.7.0 to 1.10.5

Release notes

Sourced from faraday's releases.

v1.10.5

What's Changed

• Backport CVE-2026-25765 by @​iMacTia in lostisland/faraday#1665

Full Changelog: lostisland/faraday@v1.10.4...v1.10.5

v1.10.4

What's Changed

• Make sure that Faraday::Request::Json and Faraday::Response::Json are correctly autoloaded by @​iMacTia in lostisland/faraday#1595

Full Changelog: lostisland/faraday@v1.10.3...v1.10.4

v1.10.3

What's Changed

• Add support for Ruby 3.2.0 in Faraday v1.x by @​timrogers in lostisland/faraday#1483

New Contributors

• @​timrogers made their first contribution in lostisland/faraday#1483

Full Changelog: lostisland/faraday@v1.10.2...v1.10.3

v1.10.2

What's Changed

• Deprecate three methods for version 2.0 by @​hyuraku in lostisland/faraday#1446

Full Changelog: lostisland/faraday@v1.10.1...v1.10.2

v1.10.1

What's Changed

• add Faraday#Deprecate to 1.x by @​hyuraku in lostisland/faraday#1438

New Contributors

• @​hyuraku made their first contribution in lostisland/faraday#1438

Full Changelog: lostisland/faraday@v1.10.0...v1.10.1

v1.10.0

What's Changed

• Add JSON middleware by @​iMacTia in lostisland/faraday#1400

Full Changelog: lostisland/faraday@v1.9.3...v1.10.0

v1.9.3

What's Changed

• Re-add support for Ruby 2.4+ by @​iMacTia in lostisland/faraday#1371

Full Changelog: lostisland/faraday@v1.9.2...v1.9.3

... (truncated)

Changelog

Sourced from faraday's changelog.

Faraday Changelog

The changelog has moved!

This file is not being updated anymore. Instead, please check the Releases page.

2.2.0 (2022-02-03)

• Reintroduce the possibility to register middleware with symbols, strings or procs in #1391

2.1.0 (2022-01-15)

• Fix test adapter thread safety by @​iMacTia in #1380
• Add default adapter options by @​hirasawayuki in #1382
• CI: Add Ruby 3.1 to matrix by @​petergoldstein in #1374
• docs: fix regex pattern in logger.md examples by @​hirasawayuki in #1378

2.0.1 (2022-01-05)

• Re-add faraday-net_http as default adapter by @​iMacTia in #1366
• Updated sample format in UPGRADING.md by @​vimutter in #1361
• docs: Make UPGRADING examples more copyable by @​olleolleolle in #1363

2.0.0 (2022-01-04)

The next major release is here, and it comes almost 2 years after the release of v1.0!

This release changes the way you use Faraday and embraces a new paradigm of Faraday as an ecosystem, rather than a library.

What does that mean? It means that Faraday is less of a bundled tool and more of a framework for the community to build on top of.

As a result, all adapters and some middleware have moved out and are now shipped as standalone gems 🙌!

But this doesn't mean that upgrading from Faraday 1.x to Faraday 2.0 should be hard, in fact we've listed everything you need to do in the UPGRADING.md doc.

Moreover, we've setup a new awesome-faraday repository that will showcase a curated list of adapters and middleware 😎.

This release was the result of the efforts of the core team and all the contributors, new and old, that have helped achieve this milestone 👏.

What's Changed

• Autoloading, dependency loading and middleware registry cleanup by @​iMacTia in #1301
• Move JSON middleware (request and response) from faraday_middleware by @​iMacTia in #1300
• Remove deprecated Faraday::Request#method by @​olleolleolle in #1303
• Remove deprecated Faraday::UploadIO by @​iMacTia in #1307
• [1.x] Deprecate Authorization helpers in Faraday::Connection by @​iMacTia in #1306
• Drop deprecated auth helpers from Connection and refactor auth middleware by @​iMacTia in #1308
• Add Faraday 1.x examples in authentication.md docs by @​iMacTia in #1320
• Fix passing a URL with embedded basic auth by @​iMacTia in #1324
• Register JSON middleware by @​mollerhoj in #1331

... (truncated)

Commits

• 5c1d68a Version bump to 1.10.5
• ea02c0e Update rubocop complexity thresholds for security fix
• d0fc049 Backport security fix for CVE-2026-25765 to 1.x branch (#1665)
• 41c990e Version bump to 1.10.4
• 435888d Make sure that Faraday::Request::Json and Faraday::Response::Json are cor...
• 8208693 Use ruby/setup-ruby in publish.yml
• eeec367 Fix ruby version in publish.yml
• 92c038b Update publish.yml to use Ruby 2.7
• 7a382b5 Version bump to 1.10.3
• 16506ee Add support for Ruby 3.2.0 in Faraday v1.x (#1483)
• Additional commits viewable in compare view

Updates httparty from 0.18.1 to 0.24.0

Release notes

Sourced from httparty's releases.

v0.24.0

What's Changed

• Force binary encoding throughout by @​jnunemaker in jnunemaker/httparty#823
• set Content-Type for Hash body in requests by @​jnunemaker in jnunemaker/httparty#828
• feat: stream multipart file uploads to reduce memory usage by @​jnunemaker in jnunemaker/httparty#829
• fix: prevent SSRF via absolute URL bypassing base_uri by @​jnunemaker in jnunemaker/httparty#830

Full Changelog: jnunemaker/httparty@v0.23.2...v0.24.0

0.23.2

What's Changed

• Add changelog_uri metadata to gemspec by @​baraidrissa in jnunemaker/httparty#817
• Fix multipart with files in binary mode and fields including non-ASCII characters by @​rdimartino in jnunemaker/httparty#822

New Contributors

• @​baraidrissa made their first contribution in jnunemaker/httparty#817
• @​rdimartino made their first contribution in jnunemaker/httparty#822

Full Changelog: jnunemaker/httparty@v0.23.1...v0.23.2

v0.23.1

• Add foul option to class level jnunemaker/httparty@d268387

Full Changelog: jnunemaker/httparty@v0.23.0...v0.23.1

v0.23.0

What's Changed

• new: foul mode to rescue all common network errors: https://github.com/jnunemaker/httparty/blob/891a4a8093afd4cacecab2719223e3170d07f1c0/examples/party_foul_mode.rb
• docs: replace master branch to main for better view by @​bestony in jnunemaker/httparty#803
• Update README.md by @​tradesmanhelix in jnunemaker/httparty#811

New Contributors

• @​ashishra0 made their first contribution with foul mode
• @​bestony made their first contribution in jnunemaker/httparty#803
• @​tradesmanhelix made their first contribution in jnunemaker/httparty#811

Full Changelog: jnunemaker/httparty@v0.22.0...v0.23.0

v0.22.0

What's Changed

• Fix typo in example name by @​xymbol in jnunemaker/httparty#780
• Extract request building method by @​aliismayilov in jnunemaker/httparty#786
• CI: Tell dependabot to update GH Actions by @​olleolleolle in jnunemaker/httparty#791
• Add CSV gem as a dependency for Ruby 3.4 by @​ngan in jnunemaker/httparty#796
• Clear body when redirecting to a GET by @​rhett-inbox in jnunemaker/httparty#783
• CI against Ruby 3.3 by @​y-yagi in jnunemaker/httparty#798
• Bump actions/checkout from 3 to 4 by @​dependabot in jnunemaker/httparty#792

... (truncated)

Changelog

Sourced from httparty's changelog.

Changelog

All notable changes since 0.22 are documented in GitHub Releases.

0.21.0

• escape filename in the multipart/form-data Content-Disposition header
• Fix request marshaling
• Replace mime-types with mini_mime

0.20.0

Breaking changes

• Require Ruby >= 2.3.0

Fixes

• Marshal.dump fails on response objects when request option :logger is set or :parser is a proc
• Switch :pem option to to OpenSSL::PKey.read to support other algorithms

0.19.1

• Remove use of unary + method for creating non-frozen string to increase compatibility with older versions of ruby

0.19.0

• Multipart/Form-Data: rewind files after read
• add frozen_string_literal pragma to all files
• [Better handling of Accept-Encoding / Content-Encoding decompression (fixes #562)](jnunemaker/httparty#729)

Commits

• 55ec76e Release 0.24.0
• ddfbc8d Merge pull request #830 from jnunemaker/fix-ssrf-base-uri-bypass
• 0529bcd fix: prevent SSRF via absolute URL bypassing base_uri (GHSA-hm5p-x4rq-38w4)
• 05f38fd Merge pull request #829 from jnunemaker/memory
• 8901c23 feat: stream multipart file uploads to reduce memory usage
• 091bd6a Merge pull request #828 from jnunemaker/issue-826
• 59c0ac5 feat: set Content-Type for Hash body in requests
• 5c8b45e Merge pull request #823 from jnunemaker/mixed-encodings
• 6419cb3 Force binary encoding throughout
• c74571f Release 0.23.2
• Additional commits viewable in compare view

Updates rexml from 3.2.5 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Changelog

Sourced from rexml's changelog.

3.4.2 - 2025-08-26 {#version-3-4-2}

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Commits

• f36916f Add 3.4.2 entry (#284)
• 5859bde Added XML declaration check & Source#skip_spaces method (#282)
• 1d876e3 Bump actions/checkout from 4 to 5 (#283)
• c87bda8 Remove ostruct from dev deps (#281)
• c60ae02 Remove bundler from dev deps (#277)
• 9b084d7 Fix & Deprecate REXML::Text#text_indent (#275)
• 04a589a Fix a bug that XPath can't be used for no document element (#268)
• 66232ea Remove redundant return statements (#266)
• 63f3e97 Use Safe Navigation (&.) from Ruby 2.3 (#265)
• d427fc5 Avoid redundant calls for doctype (#264)
• Additional commits viewable in compare view

Updates rexml from 3.4.1 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Changelog

Sourced from rexml's changelog.

3.4.2 - 2025-08-26 {#version-3-4-2}

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Commits

• f36916f Add 3.4.2 entry (#284)
• 5859bde Added XML declaration check & Source#skip_spaces method (#282)
• 1d876e3 Bump actions/checkout from 4 to 5 (#283)
• c87bda8 Remove ostruct from dev deps (#281)
• c60ae02 Remove bundler from dev deps (#277)
• 9b084d7 Fix & Deprecate REXML::Text#text_indent (#275)
• 04a589a Fix a bug that XPath can't be used for no document element (#268)
• 66232ea Remove redundant return statements (#266)
• 63f3e97 Use Safe Navigation (&.) from Ruby 2.3 (#265)
• d427fc5 Avoid redundant calls for doctype (#264)
• Additional commits viewable in compare view

Updates rexml from 3.4.1 to 3.4.2

Release notes

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Changelog

Sourced from