Mechanize Versions Save

2.10.0 / 2024-01-22

• Add nkf and base64 as explicit dependencies, since they are being unbundled in Ruby 3.4. (#634) @flavorjones

2.9.2 / 2024-01-15

• Correct spelling errors in documentation. (#631) @p-linnane
• Updated User-Agent strings to represent modern browser versions. (#632) @takatea

2.9.1 / 2023-04-17

Update

• Updated User-Agent strings to represent modern browser versions. (#612) Thank you, @takatea!

2.9.0 / 2023-04-07

Requirements

• Mechanize now requires Ruby 2.6 or newer.

Improvement

• Mechanize can now parse frozen strings. (#610)

2.8.5 / 2022-06-09

Security

Fixes low-severity CVE-2022-31033, "Authorization header leak on port redirect." See GHSA-64qm-hrgp-pgr9 for more details.

2.8.4 / 2022-01-17

Fix

• Mechanize::CookieJar#load calls Psych.safe_load when using Psych >= 3.1

2.8.3 / 2021-11-11

Update

• Update the "Linux Firefox" user agent string to rev94 (#587) Thank you, @ncs1!

2.8.2 / 2021-08-06

Dependencies

• Update dependency on Addressable from ~>2.7 to ~>2.8. (#584) @yidingww

2.8.1 / 2021-05-09

Fix

• Gracefully handle parsing errors that contain an invalid byte sequence. Previously, if libxml2 registered a parsing error that itself contained invalid encoding, an exception might be raised. (#553)

2.8.0 / 2021-04-01

• Requirements

  • Mechanize now requires Ruby 2.5 or newer.
  • Move from ntlm-http to rubyntlm gem. (#495, #574)

• New Features

  • Page::Link#uri now handles non-ASCII hrefs. (#569) @terryyin
  • FileConnection supports Windows drive letters (#483)
  • Credential headers 'Authorization' and 'Cookie' are deleted on cross-origin redirects. (#538) @kyoshidajp
  • ContentDispositionParser handles ISO8601 date headers, to be robust with websites that ignore RFC2183. (#554) @reitermarkus

• Bug fix

  • POST headers 'Content-Length', 'Content-MD5', and 'Content-Type' are deleted in a case-insensitive manner on redirects. Previously these headers were treated as case-sensitive.