🚨 [security] Update rails-mermaid_erd 0.5.0 → 0.6.0 (major)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ rails-mermaid_erd (0.5.0 → 0.6.0) · Repo · Changelog

Release Notes

0.6.0

What's Changed

• Release/v0.5.1 by @unchidev in #127
• Migrate to Docker Compose V2 by @unchidev in #136
• Add zoom and drag mouse controls by @unchidev in #138
• Bump rails-html-sanitizer from 1.6.0 to 1.6.1 by @dependabot in #133
• Bump actionpack from 7.1.4.1 to 7.1.5.1 by @dependabot in #137
• Bump pg from 1.5.8 to 1.5.9 by @dependabot in #130
• Bump standard from 1.42.1 to 1.43.0 by @dependabot in #134
• Bump rails from 7.1.4.1 to 8.0.1 by @dependabot in #135

Full Changelog: v0.5.1...v0.6.0

0.5.1

What's Changed

• Release/v0.5.0 by @unchidev in #96
• Bump github/codeql-action from 2 to 3 by @dependabot in #102
• Bump tzinfo-data from 1.2023.3 to 1.2024.2 by @dependabot in #115
• Bump rexml from 3.3.0 to 3.3.9 by @dependabot in #119
• Bump webrick from 1.8.1 to 1.8.2 by @dependabot in #122
• Bump actionmailer from 7.1.3.4 to 7.1.4.1 by @dependabot in #120
• Bump actions/cache from 3 to 4 by @dependabot in #103
• Bump rake from 13.0.6 to 13.2.1 by @dependabot in #100
• Bump standard from 1.39.0 to 1.42.1 by @dependabot in #125
• Avoid unnecessary loading on Rails boot by @r7kamura in #112
• Bump pg from 1.5.4 to 1.5.8 by @dependabot in #114
• Bump rspec-rails from 6.0.3 to 7.1.0 by @dependabot in #126

New Contributors

• @r7kamura made their first contribution in #112

Full Changelog: v0.5.0...v0.5.1

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 50 commits:

• v0.6.0
• Merge pull request #135 from koedame/dependabot/bundler/rails-8.0.1
• Bump rails from 7.1.4.1 to 8.0.1
• Merge pull request #134 from koedame/dependabot/bundler/standard-1.43.0
• Bump standard from 1.42.1 to 1.43.0
• Merge pull request #130 from koedame/dependabot/bundler/pg-1.5.9
• Merge pull request #137 from koedame/dependabot/bundler/actionpack-7.1.5.1
• Bump actionpack from 7.1.4.1 to 7.1.5.1
• Merge pull request #133 from koedame/dependabot/bundler/rails-html-sanitizer-1.6.1
• Merge pull request #138 from koedame/feature/improve-erd-viewer-operation
• Add control hints
• Add zoom and drag mouse controls
• Bump rails-html-sanitizer from 1.6.0 to 1.6.1
• Bump pg from 1.5.8 to 1.5.9
• Merge pull request #136 from koedame/feature/modernize-docker-compose
• docs: add language convention to development documentation
• Fix coding style
• Update nio4r to version 2.7.0
• Remove .devcontainer
• Add development documentation
• Update GitHub Actions workflows for Docker Compose V2
• Rename compose files for Docker Compose V2
• Merge pull request #127 from koedame/release/v0.5.1
• Support Apple Silicon (ARM64)
• update RELEASE.md
• v0.5.1
• Support Apple Silicon (ARM64)
• Merge pull request #126 from koedame/dependabot/bundler/rspec-rails-7.1.0
• Bump rspec-rails from 6.0.3 to 7.1.0
• Merge pull request #114 from koedame/dependabot/bundler/pg-1.5.8
• Merge pull request #112 from r7kamura/readme-require-false
• Merge pull request #125 from koedame/dependabot/bundler/standard-1.42.1
• Bump standard from 1.39.0 to 1.42.1
• Merge pull request #100 from koedame/dependabot/bundler/rake-13.2.1
• Merge pull request #103 from koedame/dependabot/github_actions/actions/cache-4
• Merge pull request #120 from koedame/dependabot/bundler/actionmailer-7.1.4.1
• Merge pull request #122 from koedame/dependabot/bundler/webrick-1.8.2
• Merge pull request #119 from koedame/dependabot/bundler/rexml-3.3.9
• Merge pull request #115 from koedame/dependabot/bundler/tzinfo-data-1.2024.2
• Bump tzinfo-data from 1.2023.3 to 1.2024.2
• Bump webrick from 1.8.1 to 1.8.2
• Bump actionmailer from 7.1.3.4 to 7.1.4.1
• Bump rexml from 3.3.0 to 3.3.9
• Merge pull request #102 from koedame/dependabot/github_actions/github/codeql-action-3
• Bump github/codeql-action from 2 to 3
• Bump pg from 1.5.4 to 1.5.8
• Avoid unnecessary loading on Rails boot
• Bump actions/cache from 3 to 4
• Bump rake from 13.0.6 to 13.2.1
• Merge pull request #96 from koedame/release/v0.5.0

✳️ net-imap (0.5.1 → 0.5.4) · Repo

Release Notes

0.5.4

What's Changed

Added

• ✨ Add support for PARTIAL extension (RFC9394) by @nevans in #367

Fixed

• 🐛 Fix partial-range encoding of exclusive ranges by @nevans in #370

Documentation

• 📚 Fix documentation for #fetch by @nevans in #369

Full Changelog: v0.5.3...v0.5.4

0.5.3

What's Changed

Added

• ✨ Add support for VANISHED responses by @nevans in #329

Documentation

• 📚 Fix rdoc issues by @nevans in #365

Full Changelog: v0.5.2...v0.5.3

0.5.2

What's Changed

Added

• 🥅 Raise ArgumentError on multiple search charset args by @nevans in #363
• ✨ Add keyword argument for search charset by @nevans in #364
• ✨ Add basic ESEARCH support (RFC4466, RFC4731) by @nevans in #333

Fixed

• 🐛 Return empty SearchResult for no search result by @nevans in #362

Documentation

• 📚 Fix README example by @nevans in #354
• 📦📚 Add release.yml for better release note generation by @nevans in #355
• 📚💄 Fix rdoc 6.8 CSS styles by @nevans in #356
• 📚 Update IMAP#search docs (again) by @nevans in #360
• 📚 Consistent heading levels inside method rdoc by @nevans in #361

Other Changes

• ✨ Add Data polyfill for ruby 3.1 by @nevans in #352
• ♻️ Refactor internal command data classes by @nevans in #358

Miscellaneous

• 🔥 Drop YAML.unsafe_load_file refinement (tests only) by @nevans in #353
• ⬆️ Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #357
• Enabled windows-latest on GHA by @hsbt in #359

Full Changelog: v0.5.1...v0.5.2

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 43 commits:

• 🔖 Bump version to 0.5.4
• 🔀 Merge pull request #367 from ruby/RFC9394-PARTIAL
• 📚 Document support for the `PARTIAL` extension
• ✨ Add `partial` fetch modifier to uid_fetch
• ✨ Add support for `PARTIAL` esearch result
• 📚 Update `#search` rdoc (again!)
• 🐛 Fix partial-range encoding of exclusive ranges
• 📚 Fix documentation for `#fetch`
• 🔖 Bump version to 0.5.3
• 🔀 Merge pull request #329 from nevans/vanished
• ✨ Support VANISHED response to #expunge
• ✨ Add support for VANISHED responses
• 🔀 Merge pull request #365 from ruby/fix-rdoc-issues
• 📚 Fix rdoc-ref link syntax in `#search`
• 📚 Fix rdoc method source styles
• 🔖 Bump version to 0.5.2
• 🔀 Merge pull request #333 from nevans/basic-esearch-support
• 🥅 Workaround https://bugs.ruby-lang.org/issues/20956
• ✨ Convert symbols & ranges in search return opts
• ✨ Add keyword param for search `return` options
• ✨ Gather ESEARCH response to #search/#uid_search
• ✨ Parsing ESEARCH, with examples from RFC9051
• ✅ Copy `assert_pattern` from minitest
• ✨ Add keyword argument for search charset
• 🔀 Merge pull request #363 from ruby/search-charset-conflict-raise-argument_error
• 🥅 Raise ArgumentError on multiple search charset args
• ♻️ Extract search_args from search_internal
• ✅ Add some test coverage for search charset
• ✨ Return empty SearchResult for no search result
• ♻️ Extract superclass for (internal) command data
• 📚 Consistent heading levels inside method rdoc
• ✨ Add Data polyfill for ruby 3.1
• 📚 Update IMAP#search docs again
• 🔀 Merge pull request #359 from ruby/enable-windows-test
• Skip test_starttls_unknown_ca with Windows
• Enabled windows-latest on GHA
• ⬆️ Bump step-security/harden-runner from 2.10.1 to 2.10.2 (#357)
• 📚💄 Fix rdoc 6.8 CSS styles
• 📦 Add release.yml
• 🔀 Merge pull request #354 from ruby/fix-README-example
• 📚 Update README example to use MOVE extension
• 📚 Fix broken example in README.md
• 🔥 Drop YAML.unsafe_load_file refinement (tests only)

✳️ rails (7.0.8.6 → 7.0.8.7) · Repo

Release Notes

7.0.8.7

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Add validation to content security policies to disallow spaces and semicolons.
  Developers should use multiple arguments, and different directive methods instead.

  [CVE-2024-54133]

  Gannon McGibbon

Active Job

• No changes.

Action Mailer

• No changes.

Action Cable

• No changes.

Active Storage

• No changes.

Action Mailbox

• No changes.

Action Text

• Update vendored trix version to 1.3.4

  John Hawthorn

Railties

• No changes.

Guides

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ actioncable (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ actionmailbox (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

↗️ actionmailer (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ actionpack (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Security Advisories 🚨

🚨 Possible Content Security Policy bypass in Action Dispatch

There is a possible Cross Site Scripting (XSS) vulnerability in the content_security_policy helper in Action Pack.

Impact

Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.

Releases

The fixed releases are available at the normal locations.

Workarounds

Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

Credits

Thanks to ryotak for the report!

Release Notes

7.0.8.7 (from changelog)

• Add validation to content security policies to disallow spaces and semicolons. Developers should use multiple arguments, and different directive methods instead.

  [CVE-2024-54133]

  Gannon McGibbon

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ actiontext (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• Update vendored trix version to 1.3.4

  John Hawthorn

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ actionview (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ activejob (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ activemodel (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ activerecord (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ activestorage (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ activesupport (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ erubi (indirect, 1.13.0 → 1.13.1) · Repo · Changelog

Release Notes

1.13.1 (from changelog)

* Avoid spurious frozen string literal warnings for chilled strings when using Ruby 3.4 (jeremyevans)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Bump version to 1.13.1
• Use -W:strict_unused_block when running tests on Ruby 3.4+
• Avoid spurious frozen string literal warnings on Ruby 3.4.0-preview2

↗️ nokogiri (indirect, 1.17.1 → 1.18.0) · Repo · Changelog

Release Notes

1.18.0

v1.18.0 / 2024-12-25

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.4.

This release ends support for Ruby 3.0, for which upstream support ended 2024-04-23.

This release ships separate precompiled GNU and Musl gems for all linux platforms. Previously both GNU and Musl target systems could use and install the same gem, e.g., the platform gem for x86_64-linux. Now, however, the precompiled gem platforms would be x86_64-linux-gnu and x86_64-linux-musl. So long as you're on bundler >= 2.5.6 this should be seamless other than perhaps needing to update the platforms in your "Gemfile.lock".

This release drops precompiled native platform gems for x86-linux and x86-mingw32. These platforms are still supported. Users on these platforms must install the "ruby platform" gem which requires a compiler toolchain. See Installing the ruby platform gem in the installation docs. (#3369, #3081)

Improved

• [CRuby] CSS and XPath queries are faster now that Node#xpath, Node#css, and related functions are using a faster XPathContext initialization process. We benchmarked a 1.9x improvement for a 6kb file. Big thanks to @nwellnhof for helping with this one. (#3378, superseded by #3389) @flavorjones

sha256 checksums

a240b4183b7a12d82cdd46d7a77255d785e01198ffb0c52c8aee1197daf0b465  nokogiri-1.18.0-aarch64-linux-gnu.gem
a12b764089d9c0e60f4794b685d29a97a3e2952caa1c4c87473c771edb7e9db5  nokogiri-1.18.0-aarch64-linux-musl.gem
e6e75760aa66adf5ea0dccfba2516c111526ba50f6475426975532d1a134173c  nokogiri-1.18.0-arm64-darwin.gem
80e9534e153b141242864c7274605fcb8312860a16460bae796fa4490acca4e8  nokogiri-1.18.0-arm-linux-gnu.gem
0764082c12c01447a0e9b522d3d2cc91f384a683453c7a55842502d37b0180a8  nokogiri-1.18.0-arm-linux-musl.gem
119dea343386d88849f44dd8c36fb1cc36f4a4fe42cf4d60f26f4bac18b3a709  nokogiri-1.18.0.gem
432ecef3824ff23d38c897b4d08cddb5d10cf53838add84834349422038e4812  nokogiri-1.18.0-java.gem
ab1d35ce91ee9af7fbe45e97a6eca0e6b103b724a7b4712e6eeb7968ca9809eb  nokogiri-1.18.0-x64-mingw-ucrt.gem
4c27a29a3509f38caeec582feef381b07d1e80f56a622b3548be07271dc903b9  nokogiri-1.18.0-x86_64-darwin.gem
1232a310b8e186d402a5f3d0c06affafaf25b1c30b01aa797559ac7bd5851c92  nokogiri-1.18.0-x86_64-linux-gnu.gem
5ec8161e1a0799102227009122ef836824abfab693fd4b32cb252e2f34f300c2  nokogiri-1.18.0-x86_64-linux-musl.gem

1.17.2

v1.17.2 / 2024-12-12

Fixed

• [JRuby] Fixed an issue where Node#dup when called with the new_parent_doc parameter was not decorating the node with the document's Node decorators. [#3372] @flavorjones

sha256 checksums

585c8cac6380848b7973bacfd0584628d116810e5f209db25e22d0c32313e681  nokogiri-1.17.2-aarch64-linux.gem
0c5eb06ba1c112d33c2bb29973b07e2f21c4ddb66c67c9386fd97ff1c5d84686  nokogiri-1.17.2-arm64-darwin.gem
3d033ad9b09d5b8a203f0f2156053e93a9327a9c7887c0ceb9fa78c71d27280d  nokogiri-1.17.2-arm-linux.gem
75825401f59b1a8746ee8ce5d066c8f11e745642e36a4452e206730b03d1fd8c  nokogiri-1.17.2.gem
ffe1fc1353f831793260b3023f575b4ed2e6144404947c57ad37ad932f9adb94  nokogiri-1.17.2-java.gem
da29e3d6add44bfc0bec8b9d4c7c660b38c7fc16ef505313839e07c3358d1059  nokogiri-1.17.2-x64-mingw32.gem
2bb710109d52f1209ea013c1f9603cd24271a9f22d387c0c45fced62945b4a30  nokogiri-1.17.2-x64-mingw-ucrt.gem
dc5977eb3416e1d501b22b0ed4737bf7604121491405865b887975eacfb3e896  nokogiri-1.17.2-x86_64-darwin.gem
e8614ae8d776bd9adb535ca814375e7ae05d7cfa6aa01909e561484f6d70be0b  nokogiri-1.17.2-x86_64-linux.gem
8c4dd75e35810bdeb7c74943f383ca665baf6aed8fc2b78c1d305094a72794aa  nokogiri-1.17.2-x86-linux.gem
9038e8b59e2eb48feb18f0efb093bd21a19d0eb17eed822a155b2a6860381702  nokogiri-1.17.2-x86-mingw32.gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ rack-test (indirect, 2.1.0 → 2.2.0) · Repo · Changelog

Release Notes

2.2.0 (from changelog)

• Bug fixes:

  • Rack::Test::Cookie now parses cookie parameters using a case-insensitive approach (Guillaume Malette #349)

• Minor enhancements:

  • Arrays of cookies containing a blank cookie are now handled correctly when processing responses. (Martin Emde #343)
  • Rack::Test::UploadedFile no longer uses a finalizer for named paths to close and unlink the created Tempfile. Tempfile itself uses a finalizer to close and unlink itself, so there is no reason for Rack::Test::UploadedFile to do so (Jeremy Evans #338)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 15 commits:

• Bump version to 2.2.0
• Update History for missed commit
• Remove unnecessary check for starting period in domain inside #valid?
• Use -W:strict_unused_block when running tests on Ruby 3.4+
• Fix spurious warnings in tests when using Rack 3.1
• Update History.md
• fix: cookie-av allows arbitrary casing
• Fix a couple spec failures on Ruby 3.4.0-preview2
• Fix array of cookies in response containing a blank cookie
• Add Ruby 3.3 to CI and bump actions/checkout to v4
• Remove use of finalizer in Rack::Test::UploadedFile (Fixes #338)
• Prefer Dir.glob with block
• Stop testing Ruby 2.2 in CI as it no longer works with ubuntu-latest
• Move to actions/checkout@v3
• Add README.md to doc

↗️ rails-html-sanitizer (indirect, 1.6.1 → 1.6.2) · Repo · Changelog

Release Notes

1.6.2

v1.6.2 / 2024-12-12

• PermitScrubber fully supports frozen "allowed tags".

  v1.6.1 introduced safety checks that may remove unsafe tags from the allowed list, which
  introduced a regression for applications passing a frozen array of allowed tags. Tags and
  attributes are now properly copied when they are passed to the scrubber.

  Fixes #195.

  Mike Dalessio

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 2 commits:

• version bump to v1.6.2
• fix: PermitScrubber accepts frozen tags

↗️ railties (indirect, 7.0.8.6 → 7.0.8.7) · Repo · Changelog

Release Notes

7.0.8.7 (from changelog)

• No changes.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• Preparing for 7.0.8.7 release
• Update vendored trix version to 1.3.4
• Add CSP directive validation

↗️ timeout (indirect, 0.4.2 → 0.4.3) · Repo

Release Notes

0.4.3

What's Changed

• Bump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by @dependabot in #54
• Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #55
• added the check for negative sec by @Cosmicoppai in #51

New Contributors

• @Cosmicoppai made their first contribution in #51

Full Changelog: v0.4.2...v0.4.3

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 9 commits:

• Bump up v0.4.3
• Merge pull request #51 from Cosmicoppai/co/timeout
• Fixed version number of rubygems/release-gem
• Merge pull request #55 from ruby/dependabot/github_actions/step-security/harden-runner-2.10.2
• Merge pull request #54 from ruby/dependabot/github_actions/rubygems/release-gem-9e85cb11501bebc2ae661c1500176316d3987059
• Bump step-security/harden-runner from 2.10.1 to 2.10.2
• Bump rubygems/release-gem
• removed the non numeric check
• updated doc string

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[coveralls]

coverage: 98.313%. remained the same
when pulling 1d83baf on depfu/update/rails-mermaid_erd-0.6.0
into fb03c2e on main.