mechanize 2.7.3 → 2.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c12fbfdafc2cf8b5e94edf3db704c3ed421331f9
-  data.tar.gz: 0993d3a38d4241baa07167ba77a74cdd378e58fd
+SHA256:
+  metadata.gz: d7df2fdd2030e028d6107b3b54f94f788deba04b9615cb719ef2113291270d1c
+  data.tar.gz: ab12e971c446e5977662076f39711298b5311ef12fe54612855433e5e926fa46
 SHA512:
-  metadata.gz: 3f07973adedd7639b1dd91e37c91ec7d74a1d5ad85ff87b2668f7ecedd30c0e12d6a954b3fe3634764a29f745cec6084eb83b795fd9ee46203d8b8653d0f3cb1
-  data.tar.gz: a89b922deb0fd98ba15d35a7a130e28b373082d3a9505885594bb8c4689b5014cbf6a46238385bd9d046ce8f6ba42abc552c2cf97f90acc2b6521722463f3b3e
+  metadata.gz: 50f065469eb756a860e5c02b6e2d31cd5f25e0da2db9c4e9dddd018a96fb8fe4bb209ffd70c0e51c777ede12245faff86568a9e9044dd006d61d3514cd35660c
+  data.tar.gz: 6db1eaffd62dc89449721ad9d06dbc5d0f8d15f24b49cf9be84a3f88dc1bd91a41e1774aef12bdc9933e3b8e0d5b0050cf4dbaa675db6131f7723b3713921630

data/.github/workflows/ci-test.yml

@@ -0,0 +1,45 @@
+name: "ci"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ["2.5", "2.6", "2.7", "3.0", "jruby"]
+
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake
+
+  test-platform:
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: ["windows-latest", "macos-latest"]
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 3.0
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,15 @@
+*.swp
+*.gem
+*.rbc
+/.bundle
+/.config
+/Gemfile.lock
+/TAGS
+/pkg
+/tags
+/.rvmrc
+digest.htpasswd
+doc
+rdoc
+.yardoc
+_yardoc

data/.yardopts

@@ -0,0 +1,8 @@
+--main=README.md
+lib/**/*.rb
+-
+README.md
+LICENSE.txt
+CHANGELOG.md
+GUIDE.rdoc
+EXAMPLES.rdoc

data/{CHANGELOG.rdoc → CHANGELOG.md}

@@ -1,6 +1,93 @@
-= Mechanize CHANGELOG
+# Mechanize CHANGELOG
 
-=== 2.7.3
+## 2.8.0 / 2021-04-01
+
+* Requirements
+  * Mechanize now requires Ruby 2.5 or newer.
+  * Move from `ntlm-http` to `rubyntlm` gem. (#495, #574)
+
+* New Features
+  * Page::Link#uri now handles non-ASCII `href`s. (#569) @terryyin
+  * FileConnection supports Windows drive letters (#483)
+  * Credential headers 'Authorization' and 'Cookie' are deleted on cross-origin redirects. (#538) @kyoshidajp
+  * ContentDispositionParser handles ISO8601 date headers, to be robust with websites that ignore RFC2183. (#554) @reitermarkus
+
+* Bug fix
+  * POST headers 'Content-Length', 'Content-MD5', and 'Content-Type' are deleted in a case-insensitive manner on redirects. Previously these headers were treated as case-sensitive.
+
+## 2.7.7 / 2021-02-01
+
+* Security fixes for CVE-2021-21289
+
+  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected into several classes'
+  methods via implicit use of Ruby's `Kernel.open` method. Exploitation is possible only if
+  untrusted input is used as a local filename and passed to any of these calls:
+
+  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
+  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
+  - `Mechanize#download`: since v2.2 (see dc91667)
+  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
+  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
+  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)
+
+  See https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g for more
+  information.
+
+  Also see #547, #548. Thank you, @kyoshidajp!
+
+* New Features
+  * Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557) @pvalena
+
+* Bug fix
+  * Ignore input fields with blank names (#542, #536)
+
+
+## 2.7.6
+
+* New Features
+  * Mechanize#set_proxy accepts an HTTP URL/URI. (#513)
+
+* Bug fix
+  * Fix element(s)_with(search: selector) methods not working for forms, form fields and frames. (#444)
+  * Improve the filename parser for the `Content-Disposition` header. (#496, #517)
+  * Accept `Content-Encoding: identity`. (#515)
+  * Mechanize::Page#title no longer picks a title in an embeded SVG/RDF element. (#503)
+  * Make Mechanize::Form#has_field? boolean. (#501)
+
+## 2.7.5
+
+* New Features
+  * All 4xx responses and RedirectLimitReachedError when fetching robots.txt are treated as full allow just like Googlebot does.
+  * Enable support for mime-types > 3.
+
+* Bug fix
+  * Don't cause infinite loop when `GET /robots.txt` redirects. (#457)
+  * Fix basic authentication for a realm that contains uppercase characters. (#458, #459)
+  * Fix encoding error when uploading a file which name is non-ASCII. (#333)
+
+## 2.7.4
+
+* New Features
+  * Accept array-like and hash-like values as query/parameter value.
+    A new utility method Mechanize::Util.each_parameter is added, and Mechanize::Util.build_query_string is enhanced
+    for this feature.
+  * Allow passing a `Form::FileUpload` instance to `#post`. #350 by Sam
+    Rawlins.
+  * Capture link when scheme is unsupported. #362 by Jon Rowe.
+  * Pre-defined User-Agent stings are updated to those of more recent versions, and new aliases for IE 10/11 and Edge are added.
+  * Support for mime-types 1.x is restored while keeping compatible with mime-types 2.x.
+  * Mechanize::Page now responds to #xpath, #css, #at_xpath, #at_css, and #%.
+  * element(s)_with methods now accept :xpath and :css options for doing xpath/css
+    selector searching.
+  * Pass URI information to Nokogiri where applicable. #405 @lulalala
+
+* Bug fix
+  * Don't raise an exception if a connection has set a {read,open}_timeout and
+    a `file://` request is made. (#397)
+  * Fix whitespace bug in WWW-Authenticate. #451, #450, by Rasmus Bergholdt
+  * Don't allow redirect from a non-file URL to a file URL for security reasons. (#455)
+
+## 2.7.3
 
 * New Features
   * Allow net-http-persistent instance to be named. #324, John Weir.
@@ -11,20 +98,20 @@
   * Ensure Download#save! defaults back to original filename if
     none is provided (#300)
 
-=== 2.7.2
+## 2.7.2
 
 * Bug fix
   * API compatibility issues with Mechanize::CookieJar cookies has been
     addressed.  https://github.com/sparklemotion/http-cookie/issues/2 #326
 
-=== 2.7.1
+## 2.7.1
 
 * Bug fix
   * Ensure images with no "src" attribute still return correct URLs. #317
   * Fixes Mechanize::Parser#extract_filename where an empty string filename
     in the response caused unhandled exception. #318
 
-=== 2.7.0
+## 2.7.0
 
 * New Features
   * Mechanize::Agent#response_read will now raise a
@@ -38,7 +125,7 @@
   * Ensure page URLs with whitespace in them are escaped #313 @pacop.
   * Added a workaround for a bug of URI#+ that led to failure in resolving a relative path containing double slash like "/../http://.../". #304
 
-=== 2.6.0
+## 2.6.0
 
 * New Features
   * Mechanize#start and Mechanize#shutdown (Thanks, Damian Janowski!)
@@ -72,7 +159,7 @@
   * Mechanize now writes cookiestxt with a prefixed dot for wildcard domain
     handling. #295 by Mike Morearty.
 
-=== 2.5.2
+## 2.5.2
 
 * New Features
   * Mechanize::CookieJar#save_as takes a keyword option "session" to say
@@ -91,13 +178,13 @@
   * Fixed Content-Disposition parameter parser to be case insensitive. #233
   * Fixed redirection counting in following meta refresh. #240
 
-=== 2.5.1
+## 2.5.1
 
 * Bug fix
   * Mechanize no longer copies POST requests during a redirect which was
     introduced by #215.  Pull request #229 by Godfrey Chan.
 
-=== 2.5
+## 2.5
 
 * Minor enhancements
   * Added Mechanize#ignore_bad_chunking for working around servers that don't
@@ -123,7 +210,7 @@
   * Worked around ruby 1.8 run with -Ku and ISO-8859-1 encoded characters in
     URIs.  Issue #228 by Stanislav O.Pogrebnyak
 
-=== 2.4
+## 2.4
 
 * Security fix:
 
@@ -146,7 +233,7 @@
   * Improved exception messages for 401 Unauthorized responses.  Mechanize now
     tells you if you were missing credentials, had an incorrect password, etc.
 
-=== 2.3 / 2012-02-20
+## 2.3 / 2012-02-20
 
 * Minor enhancements
   * Add support for the Max-Age attribute in the Set-Cookie header.
@@ -166,14 +253,14 @@
   * Cookies with an empty Expires attribute value were stored as session
     cookies but cookies without the Expires attribute were not.  Issue #78
 
-=== 2.2.1 / 2012-02-13
+## 2.2.1 / 2012-02-13
 
 * Bug fixes
   * Add missing file to the gem, ensure that missing files won't cause
     failures again.  Issue #201 by Alex
   * Fix minor grammar issue in README.  Issue #200 by Shane Becker.
 
-=== 2.2 / 2012-02-12
+## 2.2 / 2012-02-12
 
 * API changes
   * MetaRefresh#href is not normalized to an absolute URL, but set to the
@@ -208,7 +295,7 @@
   * A link with an empty href is now resolved correctly where previously the
     query part was dropped.
 
-=== 2.1.1 / 2012-02-03
+## 2.1.1 / 2012-02-03
 
 * Bug fixes
   * Set missing idle_timeout default.  Issue #196
@@ -236,7 +323,7 @@
   * Documented how to convert a Mechanize::ResponseReadError into a File or
     Page, along with a new method #force_parse.  Issue #176
 
-=== 2.1 / 2011-12-20
+## 2.1 / 2011-12-20
 
 * Deprecations
   * Mechanize#get no longer accepts an options hash.
@@ -319,7 +406,7 @@
     #129 by kitamomonga
   * Fixed proxy example in EXAMPLE.  Issue #146 by NielsKSchjoedt
 
-=== 2.0.1 / 2011-06-28
+## 2.0.1 / 2011-06-28
 
 Mechanize now uses minitest to avoid 1.9 vs 1.8 assertion availability in
 test/unit
@@ -330,7 +417,7 @@ test/unit
   * Mechanize#keep_alive_time no longer crashes but does nothing as
     net-http-persistent does not support HTTP/1.0 keep-alive extensions.
 
-=== 2.0 / 2011-06-27
+## 2.0 / 2011-06-27
 
 Mechanize is now under the MIT license
 
@@ -438,7 +525,7 @@ Mechanize is now under the MIT license
   * Mechanize::Page::Link#uri now handles both escaped and unescaped hrefs.
     GH #107
 
-=== 1.0.0
+## 1.0.0
 
 * New Features:
 
@@ -456,7 +543,7 @@ Mechanize is now under the MIT license
   * Fixing default values with serialized cookies. GH #3
   * Checkboxes and fields are sorted by page appearance before submitting. #11
 
-=== 0.9.3
+## 0.9.3
 
 * Bug Fixes:
 
@@ -474,7 +561,7 @@ Mechanize is now under the MIT license
   * Fixed a bug with double semi-colons in Content-Disposition headers
   * Properly handling cookies that specify a path.  RF #25259
 
-=== 0.9.2 / 2009/03/05
+## 0.9.2 / 2009/03/05
 
 * New Features:
   * Mechanize#submit and Form#submit take arbitrary headers(thanks penguincoder)
@@ -487,7 +574,7 @@ Mechanize is now under the MIT license
   * Made Content-Type match case insensitive (Thanks Kelly Reynolds)
   * Non-string form parameters work
 
-=== 0.9.1 2009/02/23
+## 0.9.1 2009/02/23
 
 * New Features:
   * Encoding may be specified for a page: Page#encoding=
@@ -503,7 +590,7 @@ Mechanize is now under the MIT license
   * WAP content types will now be parsed
   * Rescued poorly formatted cookies.  Thanks Kelley Reynolds!
 
-=== 0.9.0
+## 0.9.0
 
 * Deprecations
   * WWW::Mechanize::List is gone!
@@ -513,7 +600,7 @@ Mechanize is now under the MIT license
 * Bug Fixes:
   * Nil check on page when base tag is used #23021
 
-=== 0.8.5
+## 0.8.5
 
 * Deprecations
   * WWW::Mechanize::List will be deprecated in 0.9.0, and warnings have
@@ -537,28 +624,28 @@ Mechanize is now under the MIT license
   * Mechanize#get requests no longer send a referer unless they are relative
     requests.
 
-=== 0.8.4
+## 0.8.4
 
 * Bug Fixes:
   * Setting the port number on the host header.
   * Fixing Authorization headers for picky servers
 
-=== 0.8.3
+## 0.8.3
 
 * Bug Fixes:
   * Making sure logger is set during SSL connections.
 
-=== 0.8.2
+## 0.8.2
 
 * Bug Fixes:
   * Doh!  I was accidentally setting headers twice.
 
-=== 0.8.1
+## 0.8.1
 
 * Bug Fixes:
   * Fixed problem with nil pointer when logger is set
 
-=== 0.8.0
+## 0.8.0
 
 * New Features:
   * Lifecycle hooks.  Mechanize#pre_connect_hooks, Mechanize#post_connect_hooks
@@ -572,7 +659,7 @@ Mechanize is now under the MIT license
   * Only setting headers once
   * Adding IIS authentication support
 
-=== 0.7.8
+## 0.7.8
 
 * Bug Fixes:
   * Fixed bug when receiving a 304 response (HTTPNotModified) on a page not
@@ -580,7 +667,7 @@ Mechanize is now under the MIT license
   * #21428 Default to HTML parser for 'application/xhtml+xml' content-type.
   * Fixed an issue where redirects were resending posted data
 
-=== 0.7.7
+## 0.7.7
 
 * New Features:
   * Page#form_with takes a +criteria+ hash.
@@ -601,7 +688,7 @@ Mechanize is now under the MIT license
   * #21233 Smarter multipart boundry. Thanks Todd Willey!
   * #20097 Supporting meta tag cookies.
 
-=== 0.7.6
+## 0.7.6
 
 * New Features:
   * Added support for reading Mozilla cookie jars.  Thanks Chris Riddoch!
@@ -624,32 +711,32 @@ Mechanize is now under the MIT license
   * Supporting blank strings for option values.
     http://rubyforge.org/tracker/index.php?func=detail&aid=19975&group_id=1453&atid=5709
 
-=== 0.7.5
+## 0.7.5
 
 * Fixed a bug when fetching files and not pages.  Thanks Mat Schaffer!
 
-=== 0.7.4
+## 0.7.4
 
 * doh!
 
-=== 0.7.3
+## 0.7.3
 
 * Pages are now yielded to a blocks given to WWW::Mechanize#get
 * WWW::Mechanize#get now takes hash arguments for uri parameters.
 * WWW::Mechanize#post takes an IO object as a parameter and posts correctly.
 * Fixing a strange zlib inflate problem on windows
 
-=== 0.7.2
+## 0.7.2
 
 * Handling gzipped responses with no Content-Length header
 
-=== 0.7.1
+## 0.7.1
 
 * Added iPhone to the user agent aliases. [#17572]
 * Fixed a bug with EOF errors in net/http.  [#17570]
 * Handling 0 length gzipped responses. [#17471]
 
-=== 0.7.0
+## 0.7.0
 
 * Removed Ruby 1.8.2 support
 * Changed parser to lazily parse links
@@ -657,7 +744,7 @@ Mechanize is now under the MIT license
 * Adding verify_callback for SSL requests.  Thanks Mike Dalessio!
 * Fixed a bug with Accept-Language header.  Thanks Bill Siggelkow.
 
-=== 0.6.11
+## 0.6.11
 
 * Detecting single quotes in meta redirects.
 * Adding pretty inspect for ruby versions > 1.8.4 (Thanks Joel Kociolek)
@@ -668,7 +755,7 @@ Mechanize is now under the MIT license
 * Added a FAQ
   http://rubyforge.org/tracker/?func=detail&aid=15772&group_id=1453&atid=5709
 
-=== 0.6.10
+## 0.6.10
 
 * Made digest authentication work with POSTs.
 * Made sure page was HTML before following meta refreshes.
@@ -687,7 +774,7 @@ Mechanize is now under the MIT license
 * Aliasing inspect to pretty_inspect.  Thanks Eric Promislow.
   http://rubyforge.org/pipermail/mechanize-users/2007-July/000157.html
 
-=== 0.6.9
+## 0.6.9
 
 * Updating UTF-8 support for urls
 * Adding AREA tags to the links list.
@@ -699,7 +786,7 @@ Mechanize is now under the MIT license
 * Added Digest Authentication support.  Thanks to Ryan Davis and Eric Hodel,
   you get a gold star!
 
-=== 0.6.8
+## 0.6.8
 
 * Keep alive can be shut off now with WWW::Mechanize#keep_alive
 * Conditional requests can be shut off with WWW::Mechanize#conditional_requests
@@ -710,12 +797,12 @@ Mechanize is now under the MIT license
 * Updating compatability with hpricot
 * Added more unit tests
 
-=== 0.6.7
+## 0.6.7
 
 * Fixed a bug with keep-alive requests
 * [#9549] fixed problem with cookie paths
 
-=== 0.6.6
+## 0.6.6
 
 * Removing hpricot overrides
 * Fixed a bug where alt text can be nil.  Thanks Yannick!
@@ -725,7 +812,7 @@ Mechanize is now under the MIT license
 * [#9434] Fixed bug where html entities weren't decoded
 * [#9150] Updated mechanize history to deal with redirects
 
-=== 0.6.5
+## 0.6.5
 
 * Copying headers to a hash to prevent memory leaks
 * Speeding up page parsing
@@ -740,7 +827,7 @@ Mechanize is now under the MIT license
   http://rubyforge.org/tracker/?func=detail&aid=7563&group_id=1453&atid=5709
 * Added MSIE 7.0 user agent string
 
-=== 0.6.4
+## 0.6.4
 
 * Adding the "redirect_ok" method to Mechanize to stop mechanize from
   following redirects.
@@ -757,7 +844,7 @@ Mechanize is now under the MIT license
 * Fixed bug [#6548].  Input type of 'button' was not being added as a button.
 * Fixed bug [#7139]. REXML parser calls hpricot parser by accident
 
-=== 0.6.3
+## 0.6.3
 
 * Added keys and values methods to Form
 * Added has_value? to Form
@@ -772,7 +859,7 @@ Mechanize is now under the MIT license
 * Fixed a bug where '#' symbols are encoded
   http://rubyforge.org/forum/message.php?msg_id=14747
 
-=== 0.6.2
+## 0.6.2
 
 * Added a yield to Page#form so that dealing with forms can be more DSL like.
 * Added the parsed page to the ResponseCodeError so that the parsed results
@@ -780,7 +867,7 @@ Mechanize is now under the MIT license
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000007.html
 * Updated documentation (Thanks to Paul Smith)
 
-=== 0.6.1
+## 0.6.1
 
 * Added a method to Form called "submit".  Now forms can be submitted by
   calling a method on the form.
@@ -798,7 +885,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with loading text in to links.
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000000.html
 
-=== 0.6.0
+## 0.6.0
 
 * Changed main parser to use hpricot
 * Made WWW::Mechanize::Page class searchable like hpricot
@@ -810,7 +897,7 @@ Mechanize is now under the MIT license
 * Removed REXML helper methods since the main parser is now hpricot
 * Overhauled cookie parser to use WEBrick::Cookie
 
-=== 0.5.4
+## 0.5.4
 
 * Added WWW::Mechanize#trasact for saving history state between in a
   transaction.  See the EXAMPLES file.  Thanks Johan Kiviniemi.
@@ -825,7 +912,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with saving files on windows
 * Fixed a bug with the filename being set in forms
 
-=== 0.5.3
+## 0.5.3
 
 * Mechanize#click will now act on the first element of an array.  So if an
   array of links is passed to WWW::Mechanize#click, the first link is clicked.
@@ -843,7 +930,7 @@ Mechanize is now under the MIT license
 * Updated log4r support for a speed increase.  Thanks Yinon Bentor
 * Added inspect methods and pretty printing
 
-=== 0.5.2
+## 0.5.2
 
 * Fixed a bug with input names that are nil
 * Added a warning when using attr_finder because attr_finder will be deprecated
@@ -860,12 +947,12 @@ Mechanize is now under the MIT license
   WWW::Mechanize::Form#set_fields.  Which can be used like so:
    form.set_fields( :foo => 'bar', :name => 'Aaron' )
 
-=== 0.5.1
+## 0.5.1
 
 * Fixed bug with file uploads
 * Added performance tweaks to the cookie class
 
-=== 0.5.0
+## 0.5.0
 
 * Added pluggable parsers. (Thanks to Eric Kolve for the idea)
 * Changed namespace so all classes are under WWW::Mechanize.
@@ -880,7 +967,7 @@ Mechanize is now under the MIT license
 * Removed support for body filters in favor of pluggable parsers.
 * Fixed cookie bug adding a '/' when the url is missing one (Thanks Nick Dainty)
 
-=== 0.4.7
+## 0.4.7
 
 * Fixed bug with no action in forms.  Thanks to Adam Wiggins
 * Setting a default user-agent string
@@ -889,7 +976,7 @@ Mechanize is now under the MIT license
   (thanks to Gregory Brown)
 * Added WWW::Mechanize#get_file for fetching non text/html files
 
-=== 0.4.6
+## 0.4.6
 
 * Added support for proxies
 * Added a uri field to WWW::Link
@@ -900,7 +987,7 @@ Mechanize is now under the MIT license
   allows syntax as such:    form.fields.name('q').value = 'xyz'
   Before it was like this:  form.fields.name('q').first.value = 'xyz'
 
-=== 0.4.5
+## 0.4.5
 
 * Added support for multiple values of the same name
 * Updated build_query_string to take an array of arrays (Thanks Michal Janeczek)
@@ -910,13 +997,13 @@ Mechanize is now under the MIT license
 * Fixed a bug with empty select lists
 * Fixing a problem with cookies not handling no spaces after semicolons
 
-=== 0.4.4
+## 0.4.4
 
 * Fixed error in method signature, basic_authetication is now basic_auth
 * Fixed bug with encoding names in file uploads (Big thanks to Alex Young)
 * Added options to the select list
 
-=== 0.4.3
+## 0.4.3
 
 * Added syntactic sugar for finding things
 * Fixed bug with HttpOnly option in cookies
@@ -924,21 +1011,21 @@ Mechanize is now under the MIT license
 * Defaulted dropdown lists to the first element
 * Added unit tests
 
-=== 0.4.2
+## 0.4.2
 
 * Added support for iframes
 * Made mechanize dependant on ruby-web rather than narf
 * Added unit tests
 * Fixed a bunch of warnings
 
-=== 0.4.1
+## 0.4.1
 
 * Added support for file uploading
 * Added support for frames (Thanks Gabriel[mailto:leerbag@googlemail.com])
 * Added more unit tests
 * Fixed some bugs
 
-=== 0.4.0
+## 0.4.0
 
 * Added more unit tests
 * Added a cookie jar with better cookie support, included expiration of cookies