From cc1340663fd41c833b08fa0139310ee166bbf1a7 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 6 Jun 2021 19:53:25 -0400 Subject: [PATCH 01/34] spelling: exclude Signed-off-by: Josh Soref --- test/markups/README.org | 2 +- test/markups/README.org.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/markups/README.org b/test/markups/README.org index dded60e3..0eca800a 100644 --- a/test/markups/README.org +++ b/test/markups/README.org @@ -58,7 +58,7 @@ end - Skipping text before the first headline (option skip:t) - Skipping tables (option |:nil) - Custom todo keywords - - EXPORT_SELECT_TAGS and EXPORT_EXLUDE_TAGS for controlling parts of + - EXPORT_SELECT_TAGS and EXPORT_EXCLUDE_TAGS for controlling parts of the tree to export - Rewrite "file:(blah).org" links to "http:(blah).html" links. This makes the inter-links to other org-mode files work. diff --git a/test/markups/README.org.html b/test/markups/README.org.html index ddf8b27e..458024af 100644 --- a/test/markups/README.org.html +++ b/test/markups/README.org.html @@ -52,7 +52,7 @@

2.3 2009-12-30: Version 0.5.0

  • Skipping text before the first headline (option skip:t)
  • Skipping tables (option |:nil)
  • Custom todo keywords
    • -
  • EXPORT_SELECT_TAGS and EXPORT_EXLUDE_TAGS for controlling parts of +
  • EXPORT_SELECT_TAGS and EXPORT_EXCLUDE_TAGS for controlling parts of the tree to export
    • From 040f91d9919c51a5ecbe54352a207a3281f07359 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Tue, 12 Apr 2022 07:20:31 +0200 Subject: [PATCH 02/34] Make sure all anchors are created for RST links. --- lib/github/commands/rest2html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/github/commands/rest2html b/lib/github/commands/rest2html index c7c89dce..c6fc663e 100755 --- a/lib/github/commands/rest2html +++ b/lib/github/commands/rest2html @@ -199,8 +199,8 @@ class GitHubHTMLTranslator(HTMLTranslator): # see also: http://bit.ly/NHtyRx # the a is to support ::contents with ::sectnums: http://git.io/N1yC def visit_section(self, node): - id_attribute = node.attributes['ids'][0] - self.body.append('\n' % id_attribute) + for id_attribute in node.attributes['ids']: + self.body.append('\n' % id_attribute) self.section_level += 1 def depart_section(self, node): From a78c9a718bf64daeb6cf2f996c5844fa7fc3457f Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Tue, 12 Apr 2022 07:28:04 +0200 Subject: [PATCH 03/34] Add test. On my system rest2html generates quite some different markup so I'm not sure whether this actually works. --- test/markups/README.rst | 4 ++++ test/markups/README.rst.html | 2 ++ 2 files changed, 6 insertions(+) diff --git a/test/markups/README.rst b/test/markups/README.rst index 53cba9e0..ad7af380 100644 --- a/test/markups/README.rst +++ b/test/markups/README.rst @@ -8,6 +8,8 @@ Example text. .. contents:: Table of Contents +.. _label_for_header_2: + Header 2 -------- @@ -17,6 +19,8 @@ Header 2 3. Somé UTF-8° +4. `Link to the above header `_ + The UTF-8 quote character in this table used to cause python to go boom. Now docutils just silently ignores it. .. csv-table:: Things that are Awesome (on a scale of 1-11) diff --git a/test/markups/README.rst.html b/test/markups/README.rst.html index 6accfdf6..ca6807f8 100644 --- a/test/markups/README.rst.html +++ b/test/markups/README.rst.html @@ -9,11 +9,13 @@

    Subtitle

    +

    Header 2

    1. Blah blah code blah
    2. More code, hooray
    3. Somé UTF-8°
      4. +
    4. Link to the above header

    The UTF-8 quote character in this table used to cause python to go boom. Now docutils just silently ignores it.

    From 65bfe283658857d7d506c923bd808c369a8cd90d Mon Sep 17 00:00:00 2001 From: TAbdiukov Date: Tue, 4 Jul 2023 06:23:18 +0200 Subject: [PATCH 04/34] Textile language link now leads to something completely different - replace the link with the current official one --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b2bcc809..93eb15ba 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ The following markups are supported. The dependencies listed are required if you wish to run the library. You can also run `script/bootstrap` to fetch them all. * [.markdown, .mdown, .mkdn, .md](http://daringfireball.net/projects/markdown/) -- `gem install commonmarker` (https://github.com/gjtorikian/commonmarker) -* [.textile](https://www.promptworks.com/textile) -- `gem install RedCloth` (https://github.com/jgarber/redcloth) +* [.textile](https://textile-lang.com/) -- `gem install RedCloth` (https://github.com/jgarber/redcloth) * [.rdoc](https://ruby.github.io/rdoc/) -- `gem install rdoc -v 3.6.1` * [.org](http://orgmode.org/) -- `gem install org-ruby` (https://github.com/wallyqs/org-ruby) * [.creole](http://wikicreole.org/) -- `gem install creole` (https://github.com/larsch/creole) From e6973dfdacfb5d124fc45fdef2a6467d91ac3aa8 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Mon, 17 Jun 2024 10:44:53 -0500 Subject: [PATCH 05/34] chore: add dependabot and update github actions Closes #1756 - [x] update github actions to latest versions - [x] use SHAs instead of tags for github actions, more secure supply chain - [x] add dependabot file grouping minor/patch dependency updates to reduce PRs - [x] remove Gemfile.lock from .gitignore and add it back to source control - this will allow dependabot to detect dependency updates Signed-off-by: jmeridth Co-authored-by: Zack Koppert --- .github/dependabot.yaml | 39 +++++++++++ .github/workflows/ci.yml | 8 +-- .gitignore | 1 - Gemfile.lock | 135 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 178 insertions(+), 5 deletions(-) create mode 100644 .github/dependabot.yaml create mode 100644 Gemfile.lock diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 00000000..802b7513 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,39 @@ +--- +version: 2 +updates: + - package-ecosystem: 'bundler' + directory: '/' + schedule: + interval: 'weekly' + commit-message: + prefix: 'chore(deps)' + groups: + dependencies: + applies-to: version-updates + update-types: + - 'minor' + - 'patch' + - package-ecosystem: 'github-actions' + directory: '/' + schedule: + interval: 'weekly' + commit-message: + prefix: 'chore(deps)' + groups: + dependencies: + applies-to: version-updates + update-types: + - 'minor' + - 'patch' + - package-ecosystem: 'docker' + directory: '/' + schedule: + interval: 'weekly' + commit-message: + prefix: 'chore(deps)' + groups: + dependencies: + applies-to: version-updates + update-types: + - 'minor' + - 'patch' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a25fdefc..e0feed3c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,21 +19,21 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 10 - - uses: ruby/setup-ruby@v1 + - uses: ruby/setup-ruby@ff740bc00a01b3a50fffc55a1071b1060eeae9dc # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - uses: actions/setup-python@v2 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 with: # This should match lib/github/markups.rb GitHub::Markups::MARKUP_RST python-version: '3.x' - - uses: actions/cache@v2 + - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip diff --git a/.gitignore b/.gitignore index 5e84e6f2..eac4d715 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,6 @@ *.pyc pkg/ .bundle -Gemfile.lock .project .buildpath *~ diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 00000000..225b59a6 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,135 @@ +GIT + remote: https://github.com/gjtorikian/commonmarker.git + revision: 2838ebaa83ee0081d481c21f3bc0e4cb3e8de9da + tag: v0.18.3 + specs: + commonmarker (0.18.3) + ruby-enum (~> 0.5) + +PATH + remote: . + specs: + github-markup (5.0.1) + +GEM + remote: http://rubygems.org/ + specs: + RedCloth (4.3.4) + activesupport (7.1.3.4) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + minitest (>= 5.1) + mutex_m + tzinfo (~> 2.0) + asciidoctor (2.0.23) + base64 (0.2.0) + bigdecimal (3.1.8) + builder (3.3.0) + cgi (0.4.1) + charlock_holmes (0.7.7) + concurrent-ruby (1.3.3) + connection_pool (2.4.1) + crass (1.0.6) + creole (0.3.8) + drb (2.2.1) + expression_parser (0.9.0) + github-linguist (7.30.0) + cgi + charlock_holmes (~> 0.7.7) + mini_mime (~> 1.0) + rugged (~> 1.0) + html-pipeline (1.11.0) + activesupport (>= 2) + nokogiri (~> 1.4) + htmlentities (4.3.4) + i18n (1.14.5) + concurrent-ruby (~> 1.0) + mini_mime (1.1.5) + minitest (5.23.1) + mutex_m (0.2.0) + nokogiri (1.16.6-aarch64-linux) + racc (~> 1.4) + nokogiri (1.16.6-arm-linux) + racc (~> 1.4) + nokogiri (1.16.6-arm64-darwin) + racc (~> 1.4) + nokogiri (1.16.6-x86-linux) + racc (~> 1.4) + nokogiri (1.16.6-x86_64-darwin) + racc (~> 1.4) + nokogiri (1.16.6-x86_64-linux) + racc (~> 1.4) + nokogiri-diff (0.3.0) + nokogiri (~> 1.5) + tdiff (~> 0.4) + org-ruby (0.9.9) + rubypants (~> 0.2) + psych (5.1.2) + stringio + racc (1.8.0) + rake (13.2.1) + rdoc (6.7.0) + psych (>= 4.0.0) + redcarpet (3.6.0) + rexml (3.3.0) + strscan + ruby-enum (0.9.0) + i18n + rubypants (0.7.1) + rugged (1.7.2) + sanitize (6.1.1) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) + stringio (3.1.1) + strscan (3.1.0) + tdiff (0.4.0) + twitter-text (1.14.7) + unf (~> 0.1.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.9.1) + wikicloth (0.8.3) + builder + expression_parser + htmlentities + nokogiri + twitter-text + +PLATFORMS + aarch64-linux + arm-linux + arm64-darwin + x86-linux + x86_64-darwin + x86_64-linux + +DEPENDENCIES + RedCloth + activesupport (~> 7.1.3.4) + asciidoctor (~> 2.0.5) + commonmarker! + creole (~> 0.3.6) + github-linguist (>= 7.1.3) + github-markup! + html-pipeline (~> 1.0) + kramdown + minitest (~> 5.4, >= 5.4.3) + nokogiri (~> 1.16.5) + nokogiri-diff (~> 0.3.0) + org-ruby (= 0.9.9) + rake + rdoc (~> 6.7.0) + redcarpet + rexml + sanitize (>= 4.6.3) + twitter-text (~> 1.14) + wikicloth (= 0.8.3) + +BUNDLED WITH + 2.5.9 From 06e35c7cd36c297d220a07118b6b89cc925d0843 Mon Sep 17 00:00:00 2001 From: Justin Kenyon Date: Wed, 19 Jun 2024 15:36:52 -0400 Subject: [PATCH 06/34] Create stale.yml --- .github/workflows/stale.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 00000000..6bf0d0b6 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,27 @@ +# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. +# +# You can adjust the behavior by modifying this file. +# For more information, see: +# https://github.com/actions/stale +name: Mark stale issues and pull requests + +on: + schedule: + - cron: '0 12 * * *' + +jobs: + stale: + + runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: write + + steps: + - uses: actions/stale@v5 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: 'Stale issue message' + stale-pr-message: 'Stale pull request message' + stale-issue-label: 'no-issue-activity' + stale-pr-label: 'no-pr-activity' From 2a0c8ddb79d66be5d03e8618896b2f1db89e82a9 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Wed, 19 Jun 2024 15:33:14 -0500 Subject: [PATCH 07/34] chore: use sha instead of tag on stale workflow didn't catch this in #1821 Using SHA instead of tag ensures secure supply chain. Tags are mutable, SHAs are not Signed-off-by: jmeridth --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 6bf0d0b6..6f52b5d0 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v5 + - uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'Stale issue message' From 7e6c70341e46d0212a811a259f4706d88e9629fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 00:03:10 +0000 Subject: [PATCH 08/34] chore(deps): bump rexml from 3.3.0 to 3.3.2 in the bundler group Bumps the bundler group with 1 update: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.3.0 to 3.3.2 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.3.0...v3.3.2) --- updated-dependencies: - dependency-name: rexml dependency-type: direct:production dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 225b59a6..30c4454c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -75,7 +75,7 @@ GEM rdoc (6.7.0) psych (>= 4.0.0) redcarpet (3.6.0) - rexml (3.3.0) + rexml (3.3.2) strscan ruby-enum (0.9.0) i18n From 2b0455a36cda769a2da7df1e29cb77143d1bd3f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 16:46:51 +0000 Subject: [PATCH 09/34] chore(deps): bump rexml from 3.3.2 to 3.3.3 in the bundler group Bumps the bundler group with 1 update: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.3.2 to 3.3.3 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.3.2...v3.3.3) --- updated-dependencies: - dependency-name: rexml dependency-type: direct:production dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 30c4454c..9a4cdb41 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -75,7 +75,7 @@ GEM rdoc (6.7.0) psych (>= 4.0.0) redcarpet (3.6.0) - rexml (3.3.2) + rexml (3.3.3) strscan ruby-enum (0.9.0) i18n From 83b09f8186a3f364c537726c3cfaa3a62924f8bc Mon Sep 17 00:00:00 2001 From: jmeridth Date: Tue, 6 Aug 2024 15:05:30 -0500 Subject: [PATCH 10/34] fix: ensure rubygems url is using https Fixes https://github.com/github/markup/security/code-scanning/1 `Dependency source URL uses the unencrypted protocol HTTP. Use HTTPS instead.` Signed-off-by: jmeridth --- Gemfile | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index fb3c1308..9b317555 100644 --- a/Gemfile +++ b/Gemfile @@ -1,4 +1,4 @@ -source "http://rubygems.org" +source "https://rubygems.org" gemspec gem "redcarpet", :platforms => :ruby diff --git a/Gemfile.lock b/Gemfile.lock index 30c4454c..b6d184d4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ PATH github-markup (5.0.1) GEM - remote: http://rubygems.org/ + remote: https://rubygems.org/ specs: RedCloth (4.3.4) activesupport (7.1.3.4) From 1e2c03935912e5cf4bfb81726f5a9bfe18a86c43 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Tue, 6 Aug 2024 15:24:51 -0500 Subject: [PATCH 11/34] fix: add explicit permissions to ci github action Fixing a code scanning alert Signed-off-by: jmeridth --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e0feed3c..9e8e31dc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,6 +4,9 @@ on: [push, pull_request] env: JRUBY_OPTS: -Xcext.enabled=true +permissions: + contents: read + jobs: build: name: "Test / Ruby ${{ matrix.ruby }}" From 6d287a98bb5a400b780bc9db191899ba442dd6ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Aug 2024 20:51:15 +0000 Subject: [PATCH 12/34] chore(deps): bump rexml from 3.3.3 to 3.3.6 in the bundler group Bumps the bundler group with 1 update: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.3.3 to 3.3.6 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.3.3...v3.3.6) --- updated-dependencies: - dependency-name: rexml dependency-type: direct:production dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6dc75c96..d2c84309 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -75,7 +75,7 @@ GEM rdoc (6.7.0) psych (>= 4.0.0) redcarpet (3.6.0) - rexml (3.3.3) + rexml (3.3.6) strscan ruby-enum (0.9.0) i18n From 2880c2c6d108531a8eed179b369762e0aeaec9ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 11:01:09 +0000 Subject: [PATCH 13/34] chore(deps): bump the dependencies group across 1 directory with 2 updates Bumps the dependencies group with 2 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/setup-python](https://github.com/actions/setup-python). Updates `ruby/setup-ruby` from 1.180.0 to 1.190.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/ff740bc00a01b3a50fffc55a1071b1060eeae9dc...a6e6f86333f0a2523ece813039b8b4be04560854) Updates `actions/setup-python` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/82c7e631bb3cdc910f68e0081d67478d79c6982d...f677139bbe7f9c59b41e40162b753c062f5d49a3) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9e8e31dc..3640b8b4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,12 +26,12 @@ jobs: with: fetch-depth: 10 - - uses: ruby/setup-ruby@ff740bc00a01b3a50fffc55a1071b1060eeae9dc # v1 + - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5 with: # This should match lib/github/markups.rb GitHub::Markups::MARKUP_RST python-version: '3.x' From b4f9c54a4b4c117cb315cd0f4df09ffd5a1484b7 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Wed, 4 Sep 2024 15:06:15 -0500 Subject: [PATCH 14/34] chore: add .venv/venv to .gitignore best practices with local python development is to create a virtual environment. The most common are either .venv or venv folders in the root of the repo. We currently install [docutils](https://github.com/github/markup/blob/914839fd31c93b93a8054a3c91fce0906b2d1375/script/bootstrap#L8) via pip (python). - [x] add .venv/venv folders to .gitignore - [x] update README with how to setup locally environment Signed-off-by: jmeridth --- .gitignore | 2 ++ README.md | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/.gitignore b/.gitignore index eac4d715..b0f0821c 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,5 @@ pkg/ *~ vendor/ .DS_Store +.venv +venv diff --git a/README.md b/README.md index b2bcc809..3aeb7110 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,15 @@ require 'github/markup' GitHub::Markup.render_s(GitHub::Markups::MARKUP_MARKDOWN, "* One\n* Two") ``` +Local Development +----------------- + +```sh +python3 -m venv .venv +source .venv/bin/activate +cd script +./bootstrap +``` Contributing ------------ From bc6e6e36a6cdf5e4cd73f4d3bcfafd05c3e4cb67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 10:25:23 +0000 Subject: [PATCH 15/34] chore(deps): bump ruby/setup-ruby in the dependencies group Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.190.0 to 1.191.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/a6e6f86333f0a2523ece813039b8b4be04560854...52753b7da854d5c07df37391a986c76ab4615999) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3640b8b4..dd8812d5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: with: fetch-depth: 10 - - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1 + - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true From 459fb1b32f42e005140979f007ad84ca75e0b7d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 10:32:15 +0000 Subject: [PATCH 16/34] chore(deps): bump ruby/setup-ruby in the dependencies group Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.191.0 to 1.193.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/52753b7da854d5c07df37391a986c76ab4615999...f321cf5a4d1533575411f8752cf25b86478b0442) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd8812d5..3ed2585a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: with: fetch-depth: 10 - - uses: ruby/setup-ruby@52753b7da854d5c07df37391a986c76ab4615999 # v1 + - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true From af6b5419e67273b90a3db2cdfaeab46f40c2d80c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 10:32:39 +0000 Subject: [PATCH 17/34] chore(deps): bump the dependencies group with 2 updates Bumps the dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `actions/checkout` from 4.1.7 to 4.2.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938) Updates `ruby/setup-ruby` from 1.193.0 to 1.194.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/f321cf5a4d1533575411f8752cf25b86478b0442...c04af2bb7258bb6a03df1d3c1865998ac9390972) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3ed2585a..effc3f2a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,11 +22,11 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4 with: fetch-depth: 10 - - uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1 + - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true From 0a930b28d65d8d3bffec77ee3dbaafcb11032d32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 18:49:07 +0000 Subject: [PATCH 18/34] chore(deps): bump rexml from 3.3.6 to 3.3.9 in the bundler group Bumps the bundler group with 1 update: [rexml](https://github.com/ruby/rexml). Updates `rexml` from 3.3.6 to 3.3.9 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.3.6...v3.3.9) --- updated-dependencies: - dependency-name: rexml dependency-type: direct:production dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index d2c84309..761f6cc0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -75,8 +75,7 @@ GEM rdoc (6.7.0) psych (>= 4.0.0) redcarpet (3.6.0) - rexml (3.3.6) - strscan + rexml (3.3.9) ruby-enum (0.9.0) i18n rubypants (0.7.1) @@ -85,7 +84,6 @@ GEM crass (~> 1.0.2) nokogiri (>= 1.12.0) stringio (3.1.1) - strscan (3.1.0) tdiff (0.4.0) twitter-text (1.14.7) unf (~> 0.1.0) From 57e250f0fb775a154a0184702f310f954b3d5762 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Sun, 3 Nov 2024 22:34:28 -0600 Subject: [PATCH 19/34] fix: stale issue/pr message Signed-off-by: jmeridth --- .github/workflows/stale.yml | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 6f52b5d0..fc5a93dc 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,27 +1,25 @@ -# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. -# -# You can adjust the behavior by modifying this file. -# For more information, see: -# https://github.com/actions/stale name: Mark stale issues and pull requests on: schedule: - - cron: '0 12 * * *' + - cron: "0 12 * * *" jobs: stale: - runs-on: ubuntu-latest permissions: issues: write pull-requests: write steps: - - uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: 'Stale issue message' - stale-pr-message: 'Stale pull request message' - stale-issue-label: 'no-issue-activity' - stale-pr-label: 'no-pr-activity' + - uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: > + This issue has been automatically marked as stale because it has not + had recent activity. It will be closed if no further activity occurs. + Thank you for your contributions. + stale-pr-message: > + This pull request has been automatically marked as stale because it has not + had recent activity. It will be closed if no further activity occurs. + Thank you for your contributions. From 371da086ed849e8a3b255eed932b040ef7ca2042 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 10:49:14 +0000 Subject: [PATCH 20/34] chore(deps): bump the dependencies group across 1 directory with 4 updates Bumps the dependencies group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [actions/setup-python](https://github.com/actions/setup-python) and [actions/cache](https://github.com/actions/cache). Updates `actions/checkout` from 4.2.0 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/d632683dd7b4114ad314bca15554477dd762a938...11bd71901bbe5b1630ceea73d27597364c9af683) Updates `ruby/setup-ruby` from 1.194.0 to 1.199.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/c04af2bb7258bb6a03df1d3c1865998ac9390972...7d3497fd78c07c0d84ebafa58d8dac60cd1f0763) Updates `actions/setup-python` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/f677139bbe7f9c59b41e40162b753c062f5d49a3...0b93645e9fea7318ecaed2b359559ac225c90a2b) Updates `actions/cache` from 4.0.2 to 4.1.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0c45773b623bea8c8e75f6c82b208c3cf94ea4f9...6849a6489940f00c2f30c0fb92c6274307ccb58a) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index effc3f2a..0a661e9b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,21 +22,21 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 10 - - uses: ruby/setup-ruby@c04af2bb7258bb6a03df1d3c1865998ac9390972 # v1 + - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: # This should match lib/github/markups.rb GitHub::Markups::MARKUP_RST python-version: '3.x' - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip From 5767386b134d0b70634a2187001beadafaf39a3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 10:49:47 +0000 Subject: [PATCH 21/34] chore(deps): bump the dependencies group across 1 directory with 6 updates Updates the requirements on [org-ruby](https://github.com/wallyqs/org-ruby), [creole](https://github.com/minad/creole), [activesupport](https://github.com/rails/rails), [minitest](https://github.com/minitest/minitest), [sanitize](https://github.com/rgrove/sanitize) and [nokogiri](https://github.com/sparklemotion/nokogiri) to permit the latest version. Updates `org-ruby` from 0.9.9 to 0.9.12 - [Changelog](https://github.com/wallyqs/org-ruby/blob/master/History.org) - [Commits](https://github.com/wallyqs/org-ruby/compare/version-0.9.9...version-0.9.12) Updates `creole` from 0.3.8 to 0.5.0 - [Changelog](https://github.com/minad/creole/blob/master/CHANGES) - [Commits](https://github.com/minad/creole/compare/0.3.8...v0.5.0) Updates `activesupport` from 7.1.3.4 to 7.1.5 - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v7.2.2/activesupport/CHANGELOG.md) - [Commits](https://github.com/rails/rails/compare/v7.1.3.4...v7.1.5) Updates `minitest` from 5.23.1 to 5.25.1 - [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc) - [Commits](https://github.com/minitest/minitest/compare/v5.23.1...v5.25.1) Updates `sanitize` from 6.1.1 to 6.1.3 - [Release notes](https://github.com/rgrove/sanitize/releases) - [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md) - [Commits](https://github.com/rgrove/sanitize/compare/v6.1.1...v6.1.3) Updates `nokogiri` from 1.16.6 to 1.16.7 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.6...v1.16.7) --- updated-dependencies: - dependency-name: org-ruby dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: creole dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: activesupport dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: minitest dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: sanitize dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: nokogiri dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- Gemfile | 4 ++-- Gemfile.lock | 40 +++++++++++++++++++++++----------------- github-markup.gemspec | 2 +- 3 files changed, 26 insertions(+), 20 deletions(-) diff --git a/Gemfile b/Gemfile index 9b317555..b2983b9b 100644 --- a/Gemfile +++ b/Gemfile @@ -8,8 +8,8 @@ gem "RedCloth" # however we want to bump up to this version since this has a security patch gem "commonmarker", git: "https://github.com/gjtorikian/commonmarker.git", tag: "v0.18.3" gem "rdoc", "~> 6.7.0" -gem "org-ruby", "= 0.9.9" -gem "creole", "~>0.3.6" +gem "org-ruby", "0.9.12" +gem "creole", "~>0.5.0" gem "wikicloth", "=0.8.3" gem "twitter-text", "~> 1.14" gem "asciidoctor", "~> 2.0.5" diff --git a/Gemfile.lock b/Gemfile.lock index 761f6cc0..5912d3b1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,26 +15,30 @@ GEM remote: https://rubygems.org/ specs: RedCloth (4.3.4) - activesupport (7.1.3.4) + activesupport (7.1.5) base64 + benchmark (>= 0.3) bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) asciidoctor (2.0.23) base64 (0.2.0) + benchmark (0.3.0) bigdecimal (3.1.8) builder (3.3.0) cgi (0.4.1) charlock_holmes (0.7.7) - concurrent-ruby (1.3.3) + concurrent-ruby (1.3.4) connection_pool (2.4.1) crass (1.0.6) - creole (0.3.8) + creole (0.5.0) drb (2.2.1) expression_parser (0.9.0) github-linguist (7.30.0) @@ -46,31 +50,32 @@ GEM activesupport (>= 2) nokogiri (~> 1.4) htmlentities (4.3.4) - i18n (1.14.5) + i18n (1.14.6) concurrent-ruby (~> 1.0) + logger (1.6.1) mini_mime (1.1.5) - minitest (5.23.1) + minitest (5.25.1) mutex_m (0.2.0) - nokogiri (1.16.6-aarch64-linux) + nokogiri (1.16.7-aarch64-linux) racc (~> 1.4) - nokogiri (1.16.6-arm-linux) + nokogiri (1.16.7-arm-linux) racc (~> 1.4) - nokogiri (1.16.6-arm64-darwin) + nokogiri (1.16.7-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.6-x86-linux) + nokogiri (1.16.7-x86-linux) racc (~> 1.4) - nokogiri (1.16.6-x86_64-darwin) + nokogiri (1.16.7-x86_64-darwin) racc (~> 1.4) - nokogiri (1.16.6-x86_64-linux) + nokogiri (1.16.7-x86_64-linux) racc (~> 1.4) nokogiri-diff (0.3.0) nokogiri (~> 1.5) tdiff (~> 0.4) - org-ruby (0.9.9) + org-ruby (0.9.12) rubypants (~> 0.2) psych (5.1.2) stringio - racc (1.8.0) + racc (1.8.1) rake (13.2.1) rdoc (6.7.0) psych (>= 4.0.0) @@ -80,9 +85,10 @@ GEM i18n rubypants (0.7.1) rugged (1.7.2) - sanitize (6.1.1) + sanitize (6.1.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) + securerandom (0.3.1) stringio (3.1.1) tdiff (0.4.0) twitter-text (1.14.7) @@ -109,10 +115,10 @@ PLATFORMS DEPENDENCIES RedCloth - activesupport (~> 7.1.3.4) + activesupport (~> 7.1.5) asciidoctor (~> 2.0.5) commonmarker! - creole (~> 0.3.6) + creole (~> 0.5.0) github-linguist (>= 7.1.3) github-markup! html-pipeline (~> 1.0) @@ -120,7 +126,7 @@ DEPENDENCIES minitest (~> 5.4, >= 5.4.3) nokogiri (~> 1.16.5) nokogiri-diff (~> 0.3.0) - org-ruby (= 0.9.9) + org-ruby (= 0.9.12) rake rdoc (~> 6.7.0) redcarpet diff --git a/github-markup.gemspec b/github-markup.gemspec index 260df18c..ccf5908a 100644 --- a/github-markup.gemspec +++ b/github-markup.gemspec @@ -21,7 +21,7 @@ Gem::Specification.new do |s| s.require_paths = %w[lib] s.add_development_dependency 'rake', '~> 12' - s.add_development_dependency 'activesupport', '~> 7.1.3.4' + s.add_development_dependency 'activesupport', '~> 7.1.5' s.add_development_dependency 'minitest', '~> 5.4', '>= 5.4.3' s.add_development_dependency 'html-pipeline', '~> 1.0' s.add_development_dependency 'sanitize', '>= 4.6.3' From cec16df50930cfd7870f6addab2e0acdaedb41f1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 10:28:29 +0000 Subject: [PATCH 22/34] chore(deps): bump ruby/setup-ruby in the dependencies group Bumps the dependencies group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.199.0 to 1.202.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/7d3497fd78c07c0d84ebafa58d8dac60cd1f0763...a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a661e9b..b2c0469c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: with: fetch-depth: 10 - - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1 + - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true From eed8f53691db84d1788fd142c9235bb6b8379b76 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Mon, 18 Nov 2024 09:10:32 -0600 Subject: [PATCH 23/34] chore: add keep label to mark issues/prs from being marked as stale - [x] added keep label to repo - [x] add `exempt-issue-labels` and `exempt-pre-labels` to stale config Signed-off-by: jmeridth --- .github/workflows/stale.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index fc5a93dc..ef40f1b0 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -23,3 +23,5 @@ jobs: This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. + exempt-issue-labels: keep + exempt-pr-labels: keep From 9362a5204fd1551e692b5d9c7a44b70b9e5d4374 Mon Sep 17 00:00:00 2001 From: jmeridth Date: Mon, 18 Nov 2024 09:31:19 -0600 Subject: [PATCH 24/34] fix: switch from shas to tags for immutable actions closes 4 security warnings Signed-off-by: jmeridth --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/stale.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b2c0469c..0eb7e108 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@v4.2.2 with: fetch-depth: 10 @@ -31,12 +31,12 @@ jobs: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 + - uses: actions/setup-python@v5.3.0 with: # This should match lib/github/markups.rb GitHub::Markups::MARKUP_RST - python-version: '3.x' + python-version: "3.x" - - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + - uses: actions/cache@v4.1.2 with: path: ~/.cache/pip key: ${{ runner.os }}-pip diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ef40f1b0..2ef91e16 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5 + - uses: actions/stale@v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: > From 70055d6c111806adef3090f1d8210c7888bcfa65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Mar 2025 10:54:07 +0000 Subject: [PATCH 25/34] chore(deps): bump the dependencies group across 1 directory with 4 updates Bumps the dependencies group with 4 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [actions/setup-python](https://github.com/actions/setup-python), [actions/cache](https://github.com/actions/cache) and [actions/stale](https://github.com/actions/stale). Updates `ruby/setup-ruby` from 1.202.0 to 1.222.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc...277ba2a127aba66d45bad0fa2dc56f80dbfedffa) Updates `actions/setup-python` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.3.0...v5.4.0) Updates `actions/cache` from 4.1.2 to 4.2.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4.1.2...v4.2.2) Updates `actions/stale` from 9.0.0 to 9.1.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v9.0.0...v9.1.0) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 6 +++--- .github/workflows/stale.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0eb7e108..65a1cf08 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,17 +26,17 @@ jobs: with: fetch-depth: 10 - - uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1 + - uses: ruby/setup-ruby@277ba2a127aba66d45bad0fa2dc56f80dbfedffa # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - uses: actions/setup-python@v5.3.0 + - uses: actions/setup-python@v5.4.0 with: # This should match lib/github/markups.rb GitHub::Markups::MARKUP_RST python-version: "3.x" - - uses: actions/cache@v4.1.2 + - uses: actions/cache@v4.2.2 with: path: ~/.cache/pip key: ${{ runner.os }}-pip diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 2ef91e16..84cbf0ed 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v9.0.0 + - uses: actions/stale@v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: > From 9831835518ebb07419678300f6ec01870b73d0c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 21:05:33 +0000 Subject: [PATCH 26/34] chore(deps): bump the dependencies group with 5 updates Updates the requirements on [redcarpet](https://github.com/vmg/redcarpet), [rdoc](https://github.com/ruby/rdoc), [rexml](https://github.com/ruby/rexml), [minitest](https://github.com/minitest/minitest) and [nokogiri](https://github.com/sparklemotion/nokogiri) to permit the latest version. Updates `redcarpet` from 3.6.0 to 3.6.1 - [Release notes](https://github.com/vmg/redcarpet/releases) - [Changelog](https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md) - [Commits](https://github.com/vmg/redcarpet/compare/v3.6.0...v3.6.1) Updates `rdoc` from 6.7.0 to 6.12.0 - [Release notes](https://github.com/ruby/rdoc/releases) - [Changelog](https://github.com/ruby/rdoc/blob/master/History.rdoc) - [Commits](https://github.com/ruby/rdoc/compare/v6.7.0...v6.12.0) Updates `rexml` from 3.3.9 to 3.4.1 - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.3.9...v3.4.1) Updates `minitest` from 5.25.1 to 5.25.4 - [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc) - [Commits](https://github.com/minitest/minitest/compare/v5.25.1...v5.25.4) Updates `nokogiri` from 1.16.7 to 1.17.2 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.7...v1.17.2) --- updated-dependencies: - dependency-name: redcarpet dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: rdoc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: rexml dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: minitest dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: nokogiri dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 30 ++++++++++++++++-------------- github-markup.gemspec | 2 +- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/Gemfile b/Gemfile index b2983b9b..be52c0a6 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ gem "RedCloth" # using a tag version here because 0.18.3 was not published by the author to encourage users to upgrade. # however we want to bump up to this version since this has a security patch gem "commonmarker", git: "https://github.com/gjtorikian/commonmarker.git", tag: "v0.18.3" -gem "rdoc", "~> 6.7.0" +gem "rdoc", "~> 6.13.0" gem "org-ruby", "0.9.12" gem "creole", "~>0.5.0" gem "wikicloth", "=0.8.3" diff --git a/Gemfile.lock b/Gemfile.lock index 5912d3b1..ba36467a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -39,6 +39,7 @@ GEM connection_pool (2.4.1) crass (1.0.6) creole (0.5.0) + date (3.4.1) drb (2.2.1) expression_parser (0.9.0) github-linguist (7.30.0) @@ -54,33 +55,34 @@ GEM concurrent-ruby (~> 1.0) logger (1.6.1) mini_mime (1.1.5) - minitest (5.25.1) + minitest (5.25.5) mutex_m (0.2.0) - nokogiri (1.16.7-aarch64-linux) + nokogiri (1.17.2-aarch64-linux) racc (~> 1.4) - nokogiri (1.16.7-arm-linux) + nokogiri (1.17.2-arm-linux) racc (~> 1.4) - nokogiri (1.16.7-arm64-darwin) + nokogiri (1.17.2-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.7-x86-linux) + nokogiri (1.17.2-x86-linux) racc (~> 1.4) - nokogiri (1.16.7-x86_64-darwin) + nokogiri (1.17.2-x86_64-darwin) racc (~> 1.4) - nokogiri (1.16.7-x86_64-linux) + nokogiri (1.17.2-x86_64-linux) racc (~> 1.4) nokogiri-diff (0.3.0) nokogiri (~> 1.5) tdiff (~> 0.4) org-ruby (0.9.12) rubypants (~> 0.2) - psych (5.1.2) + psych (5.2.3) + date stringio racc (1.8.1) rake (13.2.1) - rdoc (6.7.0) + rdoc (6.13.0) psych (>= 4.0.0) - redcarpet (3.6.0) - rexml (3.3.9) + redcarpet (3.6.1) + rexml (3.4.1) ruby-enum (0.9.0) i18n rubypants (0.7.1) @@ -89,7 +91,7 @@ GEM crass (~> 1.0.2) nokogiri (>= 1.12.0) securerandom (0.3.1) - stringio (3.1.1) + stringio (3.1.6) tdiff (0.4.0) twitter-text (1.14.7) unf (~> 0.1.0) @@ -124,11 +126,11 @@ DEPENDENCIES html-pipeline (~> 1.0) kramdown minitest (~> 5.4, >= 5.4.3) - nokogiri (~> 1.16.5) + nokogiri (~> 1.17.2) nokogiri-diff (~> 0.3.0) org-ruby (= 0.9.12) rake - rdoc (~> 6.7.0) + rdoc (~> 6.13.0) redcarpet rexml sanitize (>= 4.6.3) diff --git a/github-markup.gemspec b/github-markup.gemspec index ccf5908a..ddd4635f 100644 --- a/github-markup.gemspec +++ b/github-markup.gemspec @@ -25,7 +25,7 @@ Gem::Specification.new do |s| s.add_development_dependency 'minitest', '~> 5.4', '>= 5.4.3' s.add_development_dependency 'html-pipeline', '~> 1.0' s.add_development_dependency 'sanitize', '>= 4.6.3' - s.add_development_dependency 'nokogiri', '~> 1.16.5' + s.add_development_dependency 'nokogiri', '~> 1.17.2' s.add_development_dependency 'nokogiri-diff', '~> 0.3.0' s.add_development_dependency "github-linguist", ">= 7.1.3" end From b88ec4392314d5f873ea0adea9e4ff526ab2ff04 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Mar 2025 21:17:51 +0000 Subject: [PATCH 27/34] chore(deps): bump activesupport from 7.1.5 to 7.1.5.1 Bumps [activesupport](https://github.com/rails/rails) from 7.1.5 to 7.1.5.1. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v8.0.1/activesupport/CHANGELOG.md) - [Commits](https://github.com/rails/rails/compare/v7.1.5...v7.1.5.1) --- updated-dependencies: - dependency-name: activesupport dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ba36467a..38813bb1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -15,7 +15,7 @@ GEM remote: https://rubygems.org/ specs: RedCloth (4.3.4) - activesupport (7.1.5) + activesupport (7.1.5.1) base64 benchmark (>= 0.3) bigdecimal @@ -30,13 +30,13 @@ GEM tzinfo (~> 2.0) asciidoctor (2.0.23) base64 (0.2.0) - benchmark (0.3.0) - bigdecimal (3.1.8) + benchmark (0.4.0) + bigdecimal (3.1.9) builder (3.3.0) cgi (0.4.1) charlock_holmes (0.7.7) - concurrent-ruby (1.3.4) - connection_pool (2.4.1) + concurrent-ruby (1.3.5) + connection_pool (2.5.0) crass (1.0.6) creole (0.5.0) date (3.4.1) @@ -51,12 +51,12 @@ GEM activesupport (>= 2) nokogiri (~> 1.4) htmlentities (4.3.4) - i18n (1.14.6) + i18n (1.14.7) concurrent-ruby (~> 1.0) - logger (1.6.1) + logger (1.7.0) mini_mime (1.1.5) minitest (5.25.5) - mutex_m (0.2.0) + mutex_m (0.3.0) nokogiri (1.17.2-aarch64-linux) racc (~> 1.4) nokogiri (1.17.2-arm-linux) @@ -90,7 +90,7 @@ GEM sanitize (6.1.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) - securerandom (0.3.1) + securerandom (0.3.2) stringio (3.1.6) tdiff (0.4.0) twitter-text (1.14.7) From 0f6838c1f8110cb2ee005cb74a5392c4dbb48881 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 10:48:59 +0000 Subject: [PATCH 28/34] chore(deps): bump rdoc from 6.13.0 to 6.13.1 in the dependencies group Bumps the dependencies group with 1 update: [rdoc](https://github.com/ruby/rdoc). Updates `rdoc` from 6.13.0 to 6.13.1 - [Release notes](https://github.com/ruby/rdoc/releases) - [Changelog](https://github.com/ruby/rdoc/blob/master/History.rdoc) - [Commits](https://github.com/ruby/rdoc/compare/v6.13.0...v6.13.1) --- updated-dependencies: - dependency-name: rdoc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index be52c0a6..e2c29f9c 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ gem "RedCloth" # using a tag version here because 0.18.3 was not published by the author to encourage users to upgrade. # however we want to bump up to this version since this has a security patch gem "commonmarker", git: "https://github.com/gjtorikian/commonmarker.git", tag: "v0.18.3" -gem "rdoc", "~> 6.13.0" +gem "rdoc", "~> 6.13.1" gem "org-ruby", "0.9.12" gem "creole", "~>0.5.0" gem "wikicloth", "=0.8.3" diff --git a/Gemfile.lock b/Gemfile.lock index ba36467a..2f72687c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -79,7 +79,7 @@ GEM stringio racc (1.8.1) rake (13.2.1) - rdoc (6.13.0) + rdoc (6.13.1) psych (>= 4.0.0) redcarpet (3.6.1) rexml (3.4.1) @@ -130,7 +130,7 @@ DEPENDENCIES nokogiri-diff (~> 0.3.0) org-ruby (= 0.9.12) rake - rdoc (~> 6.13.0) + rdoc (~> 6.13.1) redcarpet rexml sanitize (>= 4.6.3) From 1ba0b17f610f4cdf6cf33ec7bc2c618f8b0f9208 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 11:04:59 +0000 Subject: [PATCH 29/34] chore(deps): bump the dependencies group with 3 updates Bumps the dependencies group with 3 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [actions/setup-python](https://github.com/actions/setup-python) and [actions/cache](https://github.com/actions/cache). Updates `ruby/setup-ruby` from 1.222.0 to 1.229.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/277ba2a127aba66d45bad0fa2dc56f80dbfedffa...354a1ad156761f5ee2b7b13fa8e09943a5e8d252) Updates `actions/setup-python` from 5.4.0 to 5.5.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.4.0...v5.5.0) Updates `actions/cache` from 4.2.2 to 4.2.3 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4.2.2...v4.2.3) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 65a1cf08..f313947e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,17 +26,17 @@ jobs: with: fetch-depth: 10 - - uses: ruby/setup-ruby@277ba2a127aba66d45bad0fa2dc56f80dbfedffa # v1 + - uses: ruby/setup-ruby@354a1ad156761f5ee2b7b13fa8e09943a5e8d252 # v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - - uses: actions/setup-python@v5.4.0 + - uses: actions/setup-python@v5.5.0 with: # This should match lib/github/markups.rb GitHub::Markups::MARKUP_RST python-version: "3.x" - - uses: actions/cache@v4.2.2 + - uses: actions/cache@v4.2.3 with: path: ~/.cache/pip key: ${{ runner.os }}-pip From 63895bf131f69398fab9beaa0d9839c79ceeddfd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 14:39:39 +0000 Subject: [PATCH 30/34] chore(deps): bump cgi from 0.4.1 to 0.4.2 in the bundler group Bumps the bundler group with 1 update: [cgi](https://github.com/ruby/cgi). Updates `cgi` from 0.4.1 to 0.4.2 - [Release notes](https://github.com/ruby/cgi/releases) - [Commits](https://github.com/ruby/cgi/compare/v0.4.1...v0.4.2) --- updated-dependencies: - dependency-name: cgi dependency-type: indirect dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index ba36467a..84f33bdf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -33,7 +33,7 @@ GEM benchmark (0.3.0) bigdecimal (3.1.8) builder (3.3.0) - cgi (0.4.1) + cgi (0.4.2) charlock_holmes (0.7.7) concurrent-ruby (1.3.4) connection_pool (2.4.1) From ead5ff8f21d0db8d672a7283a6afec24cbfee3ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 15:05:35 +0000 Subject: [PATCH 31/34] chore(deps): bump github-linguist from 7.30.0 to 9.1.0 Bumps [github-linguist](https://github.com/github-linguist/linguist) from 7.30.0 to 9.1.0. - [Release notes](https://github.com/github-linguist/linguist/releases) - [Commits](https://github.com/github-linguist/linguist/compare/v7.30.0...v9.1.0) --- updated-dependencies: - dependency-name: github-linguist dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c8c61181..1ebd7841 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -34,7 +34,7 @@ GEM bigdecimal (3.1.9) builder (3.3.0) cgi (0.4.2) - charlock_holmes (0.7.7) + charlock_holmes (0.7.9) concurrent-ruby (1.3.5) connection_pool (2.5.0) crass (1.0.6) @@ -42,7 +42,7 @@ GEM date (3.4.1) drb (2.2.1) expression_parser (0.9.0) - github-linguist (7.30.0) + github-linguist (9.1.0) cgi charlock_holmes (~> 0.7.7) mini_mime (~> 1.0) @@ -86,7 +86,7 @@ GEM ruby-enum (0.9.0) i18n rubypants (0.7.1) - rugged (1.7.2) + rugged (1.9.0) sanitize (6.1.3) crass (~> 1.0.2) nokogiri (>= 1.12.0) From 92a2ed2692f9b162e7008820f32d226bb99f88e8 Mon Sep 17 00:00:00 2001 From: Max Beizer Date: Tue, 1 Apr 2025 14:34:59 +0000 Subject: [PATCH 32/34] Bump nokogiri to 1.18, require at least Ruby 3.1 --- .github/workflows/ci.yml | 2 +- Gemfile | 1 + Gemfile.lock | 16 +++++++++------- github-markup.gemspec | 4 ++-- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f313947e..50ccc50b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,10 +14,10 @@ jobs: strategy: matrix: ruby: - - "3.0" - "3.1" - "3.2" - "3.3" + - "3.4" fail-fast: false steps: diff --git a/Gemfile b/Gemfile index e2c29f9c..bcd13f88 100644 --- a/Gemfile +++ b/Gemfile @@ -15,3 +15,4 @@ gem "twitter-text", "~> 1.14" gem "asciidoctor", "~> 2.0.5" gem "rake" gem "rexml" +gem "nokogiri", "~> 1.18.4" diff --git a/Gemfile.lock b/Gemfile.lock index 1ebd7841..7e738e4d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -55,19 +55,21 @@ GEM concurrent-ruby (~> 1.0) logger (1.7.0) mini_mime (1.1.5) + mini_portile2 (2.8.8) minitest (5.25.5) mutex_m (0.3.0) - nokogiri (1.17.2-aarch64-linux) + nokogiri (1.18.7) + mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.17.2-arm-linux) + nokogiri (1.18.7-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.17.2-arm64-darwin) + nokogiri (1.18.7-arm-linux-gnu) racc (~> 1.4) - nokogiri (1.17.2-x86-linux) + nokogiri (1.18.7-arm64-darwin) racc (~> 1.4) - nokogiri (1.17.2-x86_64-darwin) + nokogiri (1.18.7-x86_64-darwin) racc (~> 1.4) - nokogiri (1.17.2-x86_64-linux) + nokogiri (1.18.7-x86_64-linux-gnu) racc (~> 1.4) nokogiri-diff (0.3.0) nokogiri (~> 1.5) @@ -126,7 +128,7 @@ DEPENDENCIES html-pipeline (~> 1.0) kramdown minitest (~> 5.4, >= 5.4.3) - nokogiri (~> 1.17.2) + nokogiri (~> 1.18.4) nokogiri-diff (~> 0.3.0) org-ruby (= 0.9.12) rake diff --git a/github-markup.gemspec b/github-markup.gemspec index ddd4635f..4329a901 100644 --- a/github-markup.gemspec +++ b/github-markup.gemspec @@ -13,7 +13,7 @@ Gem::Specification.new do |s| s.homepage = "https://github.com/github/markup" s.license = "MIT" - s.required_ruby_version = '>= 3.0.0' + s.required_ruby_version = '>= 3.1.0' s.files = `git ls-files`.split($\) s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) } @@ -25,7 +25,7 @@ Gem::Specification.new do |s| s.add_development_dependency 'minitest', '~> 5.4', '>= 5.4.3' s.add_development_dependency 'html-pipeline', '~> 1.0' s.add_development_dependency 'sanitize', '>= 4.6.3' - s.add_development_dependency 'nokogiri', '~> 1.17.2' + s.add_development_dependency 'nokogiri', '~> 1.18.4' s.add_development_dependency 'nokogiri-diff', '~> 0.3.0' s.add_development_dependency "github-linguist", ">= 7.1.3" end From a732c1a614333efe7b6a367238ec1c278fcb3a30 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Apr 2025 04:55:46 +0000 Subject: [PATCH 33/34] chore(deps): bump nokogiri from 1.18.7 to 1.18.8 in the bundler group Bumps the bundler group with 1 update: [nokogiri](https://github.com/sparklemotion/nokogiri). Updates `nokogiri` from 1.18.7 to 1.18.8 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.18.7...v1.18.8) --- updated-dependencies: - dependency-name: nokogiri dependency-version: 1.18.8 dependency-type: direct:production dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index bcd13f88..60920bee 100644 --- a/Gemfile +++ b/Gemfile @@ -15,4 +15,4 @@ gem "twitter-text", "~> 1.14" gem "asciidoctor", "~> 2.0.5" gem "rake" gem "rexml" -gem "nokogiri", "~> 1.18.4" +gem "nokogiri", "~> 1.18.8" diff --git a/Gemfile.lock b/Gemfile.lock index 7e738e4d..9ee4b029 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -58,18 +58,18 @@ GEM mini_portile2 (2.8.8) minitest (5.25.5) mutex_m (0.3.0) - nokogiri (1.18.7) + nokogiri (1.18.8) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.18.7-aarch64-linux-gnu) + nokogiri (1.18.8-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.18.7-arm-linux-gnu) + nokogiri (1.18.8-arm-linux-gnu) racc (~> 1.4) - nokogiri (1.18.7-arm64-darwin) + nokogiri (1.18.8-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.7-x86_64-darwin) + nokogiri (1.18.8-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.7-x86_64-linux-gnu) + nokogiri (1.18.8-x86_64-linux-gnu) racc (~> 1.4) nokogiri-diff (0.3.0) nokogiri (~> 1.5) @@ -128,7 +128,7 @@ DEPENDENCIES html-pipeline (~> 1.0) kramdown minitest (~> 5.4, >= 5.4.3) - nokogiri (~> 1.18.4) + nokogiri (~> 1.18.8) nokogiri-diff (~> 0.3.0) org-ruby (= 0.9.12) rake From 86453b44896e453d0a758f000a555fbc4ba8f75a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Jul 2025 04:43:57 +0000 Subject: [PATCH 34/34] chore(deps): bump nokogiri from 1.18.8 to 1.18.9 in the bundler group Bumps the bundler group with 1 update: [nokogiri](https://github.com/sparklemotion/nokogiri). Updates `nokogiri` from 1.18.8 to 1.18.9 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.18.8...v1.18.9) --- updated-dependencies: - dependency-name: nokogiri dependency-version: 1.18.9 dependency-type: direct:production dependency-group: bundler ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile b/Gemfile index 60920bee..bbb2290e 100644 --- a/Gemfile +++ b/Gemfile @@ -15,4 +15,4 @@ gem "twitter-text", "~> 1.14" gem "asciidoctor", "~> 2.0.5" gem "rake" gem "rexml" -gem "nokogiri", "~> 1.18.8" +gem "nokogiri", "~> 1.18.9" diff --git a/Gemfile.lock b/Gemfile.lock index 9ee4b029..9f63becf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -55,21 +55,21 @@ GEM concurrent-ruby (~> 1.0) logger (1.7.0) mini_mime (1.1.5) - mini_portile2 (2.8.8) + mini_portile2 (2.8.9) minitest (5.25.5) mutex_m (0.3.0) - nokogiri (1.18.8) + nokogiri (1.18.9) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.18.8-aarch64-linux-gnu) + nokogiri (1.18.9-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.18.8-arm-linux-gnu) + nokogiri (1.18.9-arm-linux-gnu) racc (~> 1.4) - nokogiri (1.18.8-arm64-darwin) + nokogiri (1.18.9-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.8-x86_64-darwin) + nokogiri (1.18.9-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.8-x86_64-linux-gnu) + nokogiri (1.18.9-x86_64-linux-gnu) racc (~> 1.4) nokogiri-diff (0.3.0) nokogiri (~> 1.5) @@ -128,7 +128,7 @@ DEPENDENCIES html-pipeline (~> 1.0) kramdown minitest (~> 5.4, >= 5.4.3) - nokogiri (~> 1.18.8) + nokogiri (~> 1.18.9) nokogiri-diff (~> 0.3.0) org-ruby (= 0.9.12) rake