Update capybara: 3.16.1 → 3.29.0 (minor)

[depfu]

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ capybara (3.16.1 → 3.29.0) · Repo · Changelog

Release Notes

3.29.0 (from changelog)

Release date: Unreleased

Added

• Allow clicking on file input when using the block version of attach_file with Chrome and Firefox
• Spatial filters (left_of, right_of, above, below, near)
• rack_test driver now supports clicking on details elements to open/close them

Fixed

• rack_test driver correctly determines visibility for open details elements descendants

Changed

• Results will now be lazily evaluated when using JRuby >= 9.2.8.0

3.28.0 (from changelog)

Release date: 2019-08-03

Added

• Allow forcing HTML5 or legacy dragging via the :html5 option to drag_to when using Selenium with Chrome or Firefox
• Autodetection of drag type interprets not seeing the mousedown event as legacy.
• HTML5 form validation :valid node filter added to :field and :fillable_field selectors
• When using Capybara registered :puma server - patches Puma 4.0.x to fix SSL connection behavior. Removes default queue_requests setting - Issue #2227

3.27.0 (from changelog)

Release date: 2019-07-28

Added

• Allow to use chromedriver/geckodriver native is_element_displayed endpoint via Selenium driver native_displayed option for performance reasons. Disabled by default due to endpoints currently not handling <details> element descendants visibility correctly.

Fixed

• Ignore negative lookahead/lookbehind regex when performing initial XPath text matching
• Reloading of elements found via ancestor and sibling
• Only default puma settings to queue_requests: false when using SSL
• Visibility of descendants of <details> elements is correctly determined when using rack_test and the selenium driver with Capybara optimized atoms
• local/session storage clearance in Chrome when clearing only one of them - Issue #2233

3.26.0 (from changelog)

Release date: 2019-07-15

Added

• w3c_click_offset configuration option applies to right_click and double_click as well as click
• Warning when passing nil to the text/content assertions/expectations
• Session#server_url returns the base url the AUT is being run at (when controlled by Capybara)
• option selector type accepts an integer as locator

Fixed

• Default puma server registration now specifies queue_requests: false - Issue #2227
• Workaround issue with FF 68 and hanging during reset if a system modal is visible
• Don't expand file path if it's already absolute - Issue #2228

3.25.0 (from changelog)

Release date: 2019-06-27

Added

• Animation disabler also disables before and after pseudoelements - Issue #2221 [Daniel Heath]
• w3c_click_offset configuration option to determine whether click offsets are calculated from element center or top left corner

Fixed

• Woraround issue with chromedriver 76/77 in W3C mode losing mouse state during legacy drag. Only fixed if both source and target are simultaenously inside the viewport - Issue #2223
• Negative ancestor expectations/predicates were incorrectly checking siblings rather than ancestors

3.24.0 (from changelog)

Release date: 2019-06-13

Added

• Log access when using the Selenium driver with Chrome 75 in W3C mode has been reenabled.

Changed

• Selenium driver now selects all current content and then sends keys rather than clearing field by JS and then sending keys when setting values to text inputs in order to more closely simulate user behavior

Fixed

• Relative paths passed to attach_file will be assumed to be relative to the current working directory when using the Selenium driver

3.23.0 (from changelog)

Release date: 2019-06-10

Added

• Improved error message when using Chrome in W3C mode and attempting to access logs
• Support driver specific options for Element#drag_to
• Support setting <input type="color"> elements with the selenium driver

Fixed

• Tightened conditions when in expression text option matching will be used
• Improved Selenium drivers HTML5 drag and drop emulation compatibility with SortableJS library (and others)

3.22.0 (from changelog)

Release date: 2019-05-29

Added

• ancestor/sibling assertions and matchers added
• Documentation Updates and Fixes - Many thanks again to Masafumi Koba! [Masafumi Koba]
• Added :with alias for :option filter on :checkbox and :radio_button selectors

Changed

• Selenium driver with Chrome >= 73 now resets cookies and local/session storage after navigating to 'about:blank' when possible to minimize potential race condition

3.21.0 (from changelog)

Release date: 2019-05-24

Added

• Element#drop - Chrome and Firefox, via the selenium driver, support dropping files/data on elements
• Default CSS used for attach_file make_visible: true now includes auto for height and width to handle more ways of hiding the file input element
• Documentation Updates and Fixes - Many thanks to Masafumi Koba! [Masafumi Koba]

Changed

• Deprecate support for CSS locator being a Symbol

3.20.2 (from changelog)

Release date: 2019-05-19

Fixed

• Move uglifier from runtime to development dependency [miyucy]

Not all release notes shown. View the full release notes

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ addressable (indirect, 2.6.0 → 2.7.0) · Repo · Changelog

Release Notes

2.7.0 (from changelog)

• added :compacted flag to normalized_query
• heuristic_parse handles mailto: more intuitively
• refactored validation to use a prepended module
• dropped explicit support for JRuby 9.0.5.0
• compatibility w/ public_suffix 4.x
• performance improvements

Does any of this look wrong? Please let us know.

↗️ mini_mime (indirect, 1.0.1 → 1.0.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 13 commits:

• Changelog and prepare for release
• FEATURE: update for latest parity with mime types data
• Remove unsupported rubies from travis test matrix
• relax bundler version
• Update benchmark in readme
• Add gems to Gemfile for bench script
• Allow custom db paths
• Update benchmark
• Test on Ruby 2.5 and Ruby 2.6
• Merge pull request #16 from Aqualon/readme_improvements
• Fix some typos/whitespace
• Fix link to bench.rb
• bump cache on travis

↗️ nokogiri (indirect, 1.10.2 → 1.10.4) · Repo · Changelog

Release Notes

1.10.4

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is #1915

1.10.3

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 14 commits:

• version bump to v1.10.4
• Merge branch '1915-css-tokenizer-load-file-vulnerability_v1.10.x' into v1.10.x
• update CHANGELOG
• regenerate lexical scanner using rexical 1.0.7
• eliminate `eval` from Builder#initialize
• rufo formatting
• rubocop security scan is run as part of the `test` rake target
• add rubocop as a dev dependency
• adding a temporary pipeline for v1.10.x
• version bump to v1.10.3
• Merge pull request #1898 from sparklemotion/1892-libxslt-patch-for-usn-3947
• Backport libxslt patch for CVE-2019-11068
• Merge branch 'concourse-icons'
• ci: add icons to concourse resources

↗️ public_suffix (indirect, 3.0.3 → 4.0.1) · Repo · Changelog

Release Notes

4.0.1 (from changelog)

• CHANGED: Updated definitions.

4.0.0 (from changelog)

• CHANGED: Minimum Ruby version is 2.3

3.1.1 (from changelog)

• CHANGED: Updated definitions.
• CHANGED: Rolled back support for Ruby 2.3 (GH-161, GH-162)

IMPORTANT: 3.x is the latest version compatible with Ruby 2.1 and Ruby 2.2.

3.1.0 (from changelog)

• CHANGED: Updated definitions.
• CHANGED: Minimum Ruby version is 2.3
• CHANGED: Upgraded to Bundler 2.x

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 22 commits:

• Release 4.0.1
• Updated definitions
• Add Tidelift link
• Create FUNDING.yml
• Test Ruby 2.7
• Release 4.0.0
• Remove support for Ruby < 2.3 in major version
• Release 3.1.1
• Reinstate support to Ruby 2.1 and 2.2
• Update PSL
• Fix version in README
• Release 3.1.0
• Update definitions list (#160)
• Upgrade to Rubocop 0.70
• Fix version mismatch
• Minimum Ruby version is 2.3
• Upgrade Bundler
• Make Travis happy
• Fix typo in comment (#159)
• Fix offenses
• Switch to CodeCov
• Update .travis.yml

↗️ rack (indirect, 2.0.6 → 2.0.7) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 4 commits:

• Bumping to 2.0.7 for release
• Merge pull request #1343 from larsxschneider/ls/forward-fix
• Preserve forwarded IP address for trusted proxy chains
• Merge pull request #1201 from janko-m/make-multipart-parsing-work-for-chunked-requests

↗️ regexp_parser (indirect, 1.3.0 → 1.6.0) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by 34 commits:

• Release v1.6.0
• Update RPV dependency, add some unicode props
• Release v1.5.1
• Deprecate another legacy method
• Standardize parser specs, fix discovered option bug
• Standardize syntax specs
• Standardize scanner and lexer specs
• Standardize lexer specs
• Scanner cleanup - remove deducible ivars
• Standardize scanner specs; fix discovered ts/te bug for `-]`
• Remove more unreachable code, fix \M, \C edge cases
• Fix scan of empty backref/refcall raising ArgumentError
• Simplify options scanning, fix some edge cases
• Improve coverage
• Remove unreachable code
• Extract option shortcuts to own file
• Fix #match and #=~ not working with 1 arg
• Fix #options for some expression classes
• Release v1.5.0
• Update README
• Fix quantification of codepoint lists
• Remove some obsolete ruby version checks
• Fix #initialize_clone direction
• Add #repetitions, #match_length
• Fix Sequence#clone by removing #text -> #to_s circle
• Add #referenced_expression
• Merge pull request #60 from ammar/migrate_to_rspec
• Migrate to RSpec
• Release v1.4.0
• Travis: try using provided bundler
• Add latest unicode properties
• Test against Ruby 2.6
• Merge pull request #58 from amatsuda/https
• GitHub is https by default

---

👉 No CI detected

You don't seem to have any Continuous Integration service set up!

Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.

This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:

• Circle CI, Semaphore and Travis-CI are all excellent options.
• If you use something like Jenkins, make sure that you're using the Github integration correctly so that it reports status data back to Github.
• If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with depfu/.

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)