mechanize 2.7.4 → 2.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f74b81c4883e990cd6360ee0294a3ff1ae1c8d59
-  data.tar.gz: 872ab6eeda86c290a94105a730bfec64ee819493
+SHA256:
+  metadata.gz: 53105ca453eb763c9cb80bea61508bbc08e500f96aceae911191490e4bb03af5
+  data.tar.gz: f5e0f84257bc299060775ce26d52b80d89153db95d3bfa98d8bfbdc1c3cb5fce
 SHA512:
-  metadata.gz: 96dc6beaa52babf27369eb8548733298782a2409f7a2bb43c9a5e9241445d96e117c54ad5b8c3e445b6b4c4ea1edb37f8b223b0513916f8be7b591fa3e29c598
-  data.tar.gz: 95e653b7705518a33aa5bbb765be7ddc4603756e0ee24bd5ab6c2979d039ea5b29e94ae9a2b8e478ceaa993b165d83a65d695212fa271ab59889fe7c811c876d
+  metadata.gz: 4a55d7aedbc2e81ed13d073c6ff63b60fb4ad060c771589c0024abb3b02c55ee5be54fa5c44b60c78dc3d201e31358c1f9a4922befff223c5f68befb462a4a6a
+  data.tar.gz: cf5967ce52c29e352dc820d5fd943434d37fe279a2ae957531f88f96a23ce7b7c206066c236e5308b912c6757ca8e130e354d26f7dd90ed529522aa7cc8be24a

data/.github/workflows/ci-test.yml

@@ -0,0 +1,45 @@
+name: "ci"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ["2.5", "2.6", "2.7", "3.0", "jruby", "truffleruby-head"]
+
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake
+
+  test-platform:
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: ["windows-latest", "macos-latest"]
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 3.0
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake

data/.yardopts

@@ -0,0 +1,8 @@
+--main=README.md
+lib/**/*.rb
+-
+README.md
+LICENSE.txt
+CHANGELOG.md
+GUIDE.rdoc
+EXAMPLES.rdoc

data/{CHANGELOG.rdoc → CHANGELOG.md}

@@ -1,6 +1,82 @@
-= Mechanize CHANGELOG
+# Mechanize CHANGELOG
 
-=== 2.7.4
+## 2.8.1 / 2021-05-09
+
+### Fix
+
+* Gracefully handle parsing errors that contain an invalid byte sequence. Previously, if libxml2 registered a parsing error that itself contained invalid encoding, an exception might be raised. (#553)
+
+
+## 2.8.0 / 2021-04-01
+
+### Requirements
+
+* Mechanize now requires Ruby 2.5 or newer.
+* Move from `ntlm-http` to `rubyntlm` gem. (#495, #574)
+
+### New Features
+
+* Page::Link#uri now handles non-ASCII `href`s. (#569) @terryyin
+* FileConnection supports Windows drive letters (#483)
+* Credential headers 'Authorization' and 'Cookie' are deleted on cross-origin redirects. (#538) @kyoshidajp
+* ContentDispositionParser handles ISO8601 date headers, to be robust with websites that ignore RFC2183. (#554) @reitermarkus
+
+### Bug fix
+
+* POST headers 'Content-Length', 'Content-MD5', and 'Content-Type' are deleted in a case-insensitive manner on redirects. Previously these headers were treated as case-sensitive.
+
+
+## 2.7.7 / 2021-02-01
+
+* Security fixes for CVE-2021-21289
+
+  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected into several classes'
+  methods via implicit use of Ruby's `Kernel.open` method. Exploitation is possible only if
+  untrusted input is used as a local filename and passed to any of these calls:
+
+  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
+  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
+  - `Mechanize#download`: since v2.2 (see dc91667)
+  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
+  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
+  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)
+
+  See https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g for more
+  information.
+
+  Also see #547, #548. Thank you, @kyoshidajp!
+
+* New Features
+  * Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557) @pvalena
+
+* Bug fix
+  * Ignore input fields with blank names (#542, #536)
+
+
+## 2.7.6
+
+* New Features
+  * Mechanize#set_proxy accepts an HTTP URL/URI. (#513)
+
+* Bug fix
+  * Fix element(s)_with(search: selector) methods not working for forms, form fields and frames. (#444)
+  * Improve the filename parser for the `Content-Disposition` header. (#496, #517)
+  * Accept `Content-Encoding: identity`. (#515)
+  * Mechanize::Page#title no longer picks a title in an embeded SVG/RDF element. (#503)
+  * Make Mechanize::Form#has_field? boolean. (#501)
+
+## 2.7.5
+
+* New Features
+  * All 4xx responses and RedirectLimitReachedError when fetching robots.txt are treated as full allow just like Googlebot does.
+  * Enable support for mime-types > 3.
+
+* Bug fix
+  * Don't cause infinite loop when `GET /robots.txt` redirects. (#457)
+  * Fix basic authentication for a realm that contains uppercase characters. (#458, #459)
+  * Fix encoding error when uploading a file which name is non-ASCII. (#333)
+
+## 2.7.4
 
 * New Features
   * Accept array-like and hash-like values as query/parameter value.
@@ -10,7 +86,7 @@
     Rawlins.
   * Capture link when scheme is unsupported. #362 by Jon Rowe.
   * Pre-defined User-Agent stings are updated to those of more recent versions, and new aliases for IE 10/11 and Edge are added.
-  * Support for mime-types 1.x is restored while keeping compatible with mime-types 2.x and adding support for 3.0.
+  * Support for mime-types 1.x is restored while keeping compatible with mime-types 2.x.
   * Mechanize::Page now responds to #xpath, #css, #at_xpath, #at_css, and #%.
   * element(s)_with methods now accept :xpath and :css options for doing xpath/css
     selector searching.
@@ -22,7 +98,7 @@
   * Fix whitespace bug in WWW-Authenticate. #451, #450, by Rasmus Bergholdt
   * Don't allow redirect from a non-file URL to a file URL for security reasons. (#455)
 
-=== 2.7.3
+## 2.7.3
 
 * New Features
   * Allow net-http-persistent instance to be named. #324, John Weir.
@@ -33,34 +109,33 @@
   * Ensure Download#save! defaults back to original filename if
     none is provided (#300)
 
-=== 2.7.2
+## 2.7.2
 
 * Bug fix
   * API compatibility issues with Mechanize::CookieJar cookies has been
     addressed.  https://github.com/sparklemotion/http-cookie/issues/2 #326
 
-=== 2.7.1
+## 2.7.1
 
 * Bug fix
   * Ensure images with no "src" attribute still return correct URLs. #317
   * Fixes Mechanize::Parser#extract_filename where an empty string filename
     in the response caused unhandled exception. #318
 
-=== 2.7.0
+## 2.7.0
 
 * New Features
   * Mechanize::Agent#response_read will now raise a
     Mechanize::ResponseReadError instead of an EOFError and avoid losing
     requested content. #296.
-  * Depend on http-cookie, add backwards compatible deprecations.
-    #257 Akinori MUSHA.
+  * Depend on http-cookie, add backwards compatible deprecations. #257 Akinori MUSHA.
   * Added `Download#save!` for overwriting existing files. #300 Sean Kim.
 
 * Bug fix
   * Ensure page URLs with whitespace in them are escaped #313 @pacop.
   * Added a workaround for a bug of URI#+ that led to failure in resolving a relative path containing double slash like "/../http://.../". #304
 
-=== 2.6.0
+## 2.6.0
 
 * New Features
   * Mechanize#start and Mechanize#shutdown (Thanks, Damian Janowski!)
@@ -82,19 +157,16 @@
   * Added iPad and Android user agents.  #277 by sambit, #278 by seansay.
 
 * Bug fix
-  * Mechanize#cert and Mechanize#key now return the values set by
-    #cert= and #key=. #244, #245 (Thanks, Robert Gogolok!)
-  * Mechanize no longer submits disabled form fields.  #276 by Bogdan Gusiev,
-    #279 by Ricardo Valeriano.
+  * Mechanize#cert and Mechanize#key now return the values set by #cert= and #key=. #244, #245 (Thanks, Robert Gogolok!)
+  * Mechanize no longer submits disabled form fields.  #276 by Bogdan Gusiev, #279 by Ricardo Valeriano.
   * Mechanize::File#save now behaves like Mechanize::Download#save in
-    that it will create the parent directory before saving.
-    #272, #280 by Ryan Kowalick
+    that it will create the parent directory before saving. #272, #280 by Ryan Kowalick
   * Ensure `application/xml` is registered as an XML parser in
     `PluggableParser`, not just `text/xml`. #266 James Gregory
   * Mechanize now writes cookiestxt with a prefixed dot for wildcard domain
     handling. #295 by Mike Morearty.
 
-=== 2.5.2
+## 2.5.2
 
 * New Features
   * Mechanize::CookieJar#save_as takes a keyword option "session" to say
@@ -108,18 +180,17 @@
     In mechanize 3 the old "Mac FireFox" user-agent alias will be removed.
     Pull request #231 by Gavin Miller.
   * Mechanize now authenticates using the raw challenge, not a reconstructed
-    one, to avoid dealing with quoting rules of RFC 2617.  Fixes failures in
-    #231 due to net-http-digest_auth 1.2.1
+    one, to avoid dealing with quoting rules of RFC 2617.  Fixes failures in #231 due to net-http-digest_auth 1.2.1
   * Fixed Content-Disposition parameter parser to be case insensitive. #233
   * Fixed redirection counting in following meta refresh. #240
 
-=== 2.5.1
+## 2.5.1
 
 * Bug fix
   * Mechanize no longer copies POST requests during a redirect which was
     introduced by #215.  Pull request #229 by Godfrey Chan.
 
-=== 2.5
+## 2.5
 
 * Minor enhancements
   * Added Mechanize#ignore_bad_chunking for working around servers that don't
@@ -140,12 +211,11 @@
     terminate chunked transfer-encoding properly.  Issue #116
   * Mechanize no longer raises an exception when multiple identical
     radiobuttons are checked.  Issue #214 by Matthias Guenther
-  * Fixed documentation for pre_connect_hooks and post_connect_hooks.  Issue
-    #226 by Robert Poor
+  * Fixed documentation for pre_connect_hooks and post_connect_hooks.  Issue #226 by Robert Poor
   * Worked around ruby 1.8 run with -Ku and ISO-8859-1 encoded characters in
     URIs.  Issue #228 by Stanislav O.Pogrebnyak
 
-=== 2.4
+## 2.4
 
 * Security fix:
 
@@ -168,7 +238,7 @@
   * Improved exception messages for 401 Unauthorized responses.  Mechanize now
     tells you if you were missing credentials, had an incorrect password, etc.
 
-=== 2.3 / 2012-02-20
+## 2.3 / 2012-02-20
 
 * Minor enhancements
   * Add support for the Max-Age attribute in the Set-Cookie header.
@@ -188,14 +258,14 @@
   * Cookies with an empty Expires attribute value were stored as session
     cookies but cookies without the Expires attribute were not.  Issue #78
 
-=== 2.2.1 / 2012-02-13
+## 2.2.1 / 2012-02-13
 
 * Bug fixes
   * Add missing file to the gem, ensure that missing files won't cause
     failures again.  Issue #201 by Alex
   * Fix minor grammar issue in README.  Issue #200 by Shane Becker.
 
-=== 2.2 / 2012-02-12
+## 2.2 / 2012-02-12
 
 * API changes
   * MetaRefresh#href is not normalized to an absolute URL, but set to the
@@ -207,8 +277,7 @@
   * SSL parameters and proxy may now be set at any time.  Issue #194 by
     dsisnero.
   * Improved Mechanize::Page with #image_with and #images_with and
-    Mechanize::Page::Image various img element attribute accessors, #caption,
-    #extname, #mime_type and #fetch.  Pull request #173 by kitamomonga
+    Mechanize::Page::Image various img element attribute accessors, #caption, #extname, #mime_type and #fetch.  Pull request #173 by kitamomonga
   * Added MIME type parsing for content-types in Mechanize::PluggableParser
     for fine-grained parser choices.  Parsers will be chosen based on exact
     match, simplified type or media type in that order.  See
@@ -230,7 +299,7 @@
   * A link with an empty href is now resolved correctly where previously the
     query part was dropped.
 
-=== 2.1.1 / 2012-02-03
+## 2.1.1 / 2012-02-03
 
 * Bug fixes
   * Set missing idle_timeout default.  Issue #196
@@ -258,7 +327,7 @@
   * Documented how to convert a Mechanize::ResponseReadError into a File or
     Page, along with a new method #force_parse.  Issue #176
 
-=== 2.1 / 2011-12-20
+## 2.1 / 2011-12-20
 
 * Deprecations
   * Mechanize#get no longer accepts an options hash.
@@ -271,8 +340,7 @@
   * SSL connections will be verified against the system certificate store by
     default.
   * Added Mechanize#retry_change_requests to allow mechanize to retry POST and
-    other non-idempotent requests when you know it is safe to do so.  Issue
-    #123
+    other non-idempotent requests when you know it is safe to do so.  Issue #123
   * Mechanize can now stream files directly to disk without loading them into
     memory first through Mechanize::Download, a pluggable parser for
     downloading files.
@@ -287,8 +355,7 @@
       agent.pluggable_parser.default = Mechanize::Download
   * Added Mechanize#content_encoding_hooks which allow handling of
     non-standard content encodings like "agzip".  Patch #125 by kitamomonga
-  * Added dom_class to elements and the element matcher like dom_id.  Patch
-    #156 by Dan Hansen.
+  * Added dom_class to elements and the element matcher like dom_id.  Patch #156 by Dan Hansen.
   * Added support for the HTML5 keygen form element.  See
     http://dev.w3.org/html5/spec/Overview.html#the-keygen-element  Patch #157
     by Victor Costan.
@@ -337,11 +404,10 @@
   * The original Referer value persists on redirection.  Issue #150
   * Do not send a referer on a Refresh header based redirection.
   * Fixed encoding error in tests when LANG=C.  Patch #142 by jinschoi.
-  * The order of items in a form submission now match the DOM order.  Patch
-    #129 by kitamomonga
+  * The order of items in a form submission now match the DOM order.  Patch #129 by kitamomonga
   * Fixed proxy example in EXAMPLE.  Issue #146 by NielsKSchjoedt
 
-=== 2.0.1 / 2011-06-28
+## 2.0.1 / 2011-06-28
 
 Mechanize now uses minitest to avoid 1.9 vs 1.8 assertion availability in
 test/unit
@@ -352,7 +418,7 @@ test/unit
   * Mechanize#keep_alive_time no longer crashes but does nothing as
     net-http-persistent does not support HTTP/1.0 keep-alive extensions.
 
-=== 2.0 / 2011-06-27
+## 2.0 / 2011-06-27
 
 Mechanize is now under the MIT license
 
@@ -406,8 +472,7 @@ Mechanize is now under the MIT license
   * Mechanize now implements session cookies.  GH #78
   * Mechanize now implements deflate decoding.  GH #40
   * Mechanize now allows a certificate and key to be passed directly.  GH #71
-  * Mechanize::Form::MultiSelectList now implements #option_with and
-    #options_with.  GH #42
+  * Mechanize::Form::MultiSelectList now implements #option_with and #options_with.  GH #42
   * Add Mechanize::Page::Link#rel and #rel?(kind) to read and test the rel
     attribute.
   * Add Mechanize::Page#canonical_uri to read a </tt><link
@@ -460,7 +525,7 @@ Mechanize is now under the MIT license
   * Mechanize::Page::Link#uri now handles both escaped and unescaped hrefs.
     GH #107
 
-=== 1.0.0
+## 1.0.0
 
 * New Features:
 
@@ -478,7 +543,7 @@ Mechanize is now under the MIT license
   * Fixing default values with serialized cookies. GH #3
   * Checkboxes and fields are sorted by page appearance before submitting. #11
 
-=== 0.9.3
+## 0.9.3
 
 * Bug Fixes:
 
@@ -496,7 +561,7 @@ Mechanize is now under the MIT license
   * Fixed a bug with double semi-colons in Content-Disposition headers
   * Properly handling cookies that specify a path.  RF #25259
 
-=== 0.9.2 / 2009/03/05
+## 0.9.2 / 2009/03/05
 
 * New Features:
   * Mechanize#submit and Form#submit take arbitrary headers(thanks penguincoder)
@@ -509,7 +574,7 @@ Mechanize is now under the MIT license
   * Made Content-Type match case insensitive (Thanks Kelly Reynolds)
   * Non-string form parameters work
 
-=== 0.9.1 2009/02/23
+## 0.9.1 2009/02/23
 
 * New Features:
   * Encoding may be specified for a page: Page#encoding=
@@ -525,7 +590,7 @@ Mechanize is now under the MIT license
   * WAP content types will now be parsed
   * Rescued poorly formatted cookies.  Thanks Kelley Reynolds!
 
-=== 0.9.0
+## 0.9.0
 
 * Deprecations
   * WWW::Mechanize::List is gone!
@@ -535,7 +600,7 @@ Mechanize is now under the MIT license
 * Bug Fixes:
   * Nil check on page when base tag is used #23021
 
-=== 0.8.5
+## 0.8.5
 
 * Deprecations
   * WWW::Mechanize::List will be deprecated in 0.9.0, and warnings have
@@ -559,28 +624,28 @@ Mechanize is now under the MIT license
   * Mechanize#get requests no longer send a referer unless they are relative
     requests.
 
-=== 0.8.4
+## 0.8.4
 
 * Bug Fixes:
   * Setting the port number on the host header.
   * Fixing Authorization headers for picky servers
 
-=== 0.8.3
+## 0.8.3
 
 * Bug Fixes:
   * Making sure logger is set during SSL connections.
 
-=== 0.8.2
+## 0.8.2
 
 * Bug Fixes:
   * Doh!  I was accidentally setting headers twice.
 
-=== 0.8.1
+## 0.8.1
 
 * Bug Fixes:
   * Fixed problem with nil pointer when logger is set
 
-=== 0.8.0
+## 0.8.0
 
 * New Features:
   * Lifecycle hooks.  Mechanize#pre_connect_hooks, Mechanize#post_connect_hooks
@@ -594,7 +659,7 @@ Mechanize is now under the MIT license
   * Only setting headers once
   * Adding IIS authentication support
 
-=== 0.7.8
+## 0.7.8
 
 * Bug Fixes:
   * Fixed bug when receiving a 304 response (HTTPNotModified) on a page not
@@ -602,7 +667,7 @@ Mechanize is now under the MIT license
   * #21428 Default to HTML parser for 'application/xhtml+xml' content-type.
   * Fixed an issue where redirects were resending posted data
 
-=== 0.7.7
+## 0.7.7
 
 * New Features:
   * Page#form_with takes a +criteria+ hash.
@@ -623,7 +688,7 @@ Mechanize is now under the MIT license
   * #21233 Smarter multipart boundry. Thanks Todd Willey!
   * #20097 Supporting meta tag cookies.
 
-=== 0.7.6
+## 0.7.6
 
 * New Features:
   * Added support for reading Mozilla cookie jars.  Thanks Chris Riddoch!
@@ -646,32 +711,32 @@ Mechanize is now under the MIT license
   * Supporting blank strings for option values.
     http://rubyforge.org/tracker/index.php?func=detail&aid=19975&group_id=1453&atid=5709
 
-=== 0.7.5
+## 0.7.5
 
 * Fixed a bug when fetching files and not pages.  Thanks Mat Schaffer!
 
-=== 0.7.4
+## 0.7.4
 
 * doh!
 
-=== 0.7.3
+## 0.7.3
 
 * Pages are now yielded to a blocks given to WWW::Mechanize#get
 * WWW::Mechanize#get now takes hash arguments for uri parameters.
 * WWW::Mechanize#post takes an IO object as a parameter and posts correctly.
 * Fixing a strange zlib inflate problem on windows
 
-=== 0.7.2
+## 0.7.2
 
 * Handling gzipped responses with no Content-Length header
 
-=== 0.7.1
+## 0.7.1
 
 * Added iPhone to the user agent aliases. [#17572]
 * Fixed a bug with EOF errors in net/http.  [#17570]
 * Handling 0 length gzipped responses. [#17471]
 
-=== 0.7.0
+## 0.7.0
 
 * Removed Ruby 1.8.2 support
 * Changed parser to lazily parse links
@@ -679,7 +744,7 @@ Mechanize is now under the MIT license
 * Adding verify_callback for SSL requests.  Thanks Mike Dalessio!
 * Fixed a bug with Accept-Language header.  Thanks Bill Siggelkow.
 
-=== 0.6.11
+## 0.6.11
 
 * Detecting single quotes in meta redirects.
 * Adding pretty inspect for ruby versions > 1.8.4 (Thanks Joel Kociolek)
@@ -690,7 +755,7 @@ Mechanize is now under the MIT license
 * Added a FAQ
   http://rubyforge.org/tracker/?func=detail&aid=15772&group_id=1453&atid=5709
 
-=== 0.6.10
+## 0.6.10
 
 * Made digest authentication work with POSTs.
 * Made sure page was HTML before following meta refreshes.
@@ -709,7 +774,7 @@ Mechanize is now under the MIT license
 * Aliasing inspect to pretty_inspect.  Thanks Eric Promislow.
   http://rubyforge.org/pipermail/mechanize-users/2007-July/000157.html
 
-=== 0.6.9
+## 0.6.9
 
 * Updating UTF-8 support for urls
 * Adding AREA tags to the links list.
@@ -721,7 +786,7 @@ Mechanize is now under the MIT license
 * Added Digest Authentication support.  Thanks to Ryan Davis and Eric Hodel,
   you get a gold star!
 
-=== 0.6.8
+## 0.6.8
 
 * Keep alive can be shut off now with WWW::Mechanize#keep_alive
 * Conditional requests can be shut off with WWW::Mechanize#conditional_requests
@@ -732,12 +797,12 @@ Mechanize is now under the MIT license
 * Updating compatability with hpricot
 * Added more unit tests
 
-=== 0.6.7
+## 0.6.7
 
 * Fixed a bug with keep-alive requests
 * [#9549] fixed problem with cookie paths
 
-=== 0.6.6
+## 0.6.6
 
 * Removing hpricot overrides
 * Fixed a bug where alt text can be nil.  Thanks Yannick!
@@ -747,7 +812,7 @@ Mechanize is now under the MIT license
 * [#9434] Fixed bug where html entities weren't decoded
 * [#9150] Updated mechanize history to deal with redirects
 
-=== 0.6.5
+## 0.6.5
 
 * Copying headers to a hash to prevent memory leaks
 * Speeding up page parsing
@@ -762,7 +827,7 @@ Mechanize is now under the MIT license
   http://rubyforge.org/tracker/?func=detail&aid=7563&group_id=1453&atid=5709
 * Added MSIE 7.0 user agent string
 
-=== 0.6.4
+## 0.6.4
 
 * Adding the "redirect_ok" method to Mechanize to stop mechanize from
   following redirects.
@@ -779,7 +844,7 @@ Mechanize is now under the MIT license
 * Fixed bug [#6548].  Input type of 'button' was not being added as a button.
 * Fixed bug [#7139]. REXML parser calls hpricot parser by accident
 
-=== 0.6.3
+## 0.6.3
 
 * Added keys and values methods to Form
 * Added has_value? to Form
@@ -794,7 +859,7 @@ Mechanize is now under the MIT license
 * Fixed a bug where '#' symbols are encoded
   http://rubyforge.org/forum/message.php?msg_id=14747
 
-=== 0.6.2
+## 0.6.2
 
 * Added a yield to Page#form so that dealing with forms can be more DSL like.
 * Added the parsed page to the ResponseCodeError so that the parsed results
@@ -802,7 +867,7 @@ Mechanize is now under the MIT license
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000007.html
 * Updated documentation (Thanks to Paul Smith)
 
-=== 0.6.1
+## 0.6.1
 
 * Added a method to Form called "submit".  Now forms can be submitted by
   calling a method on the form.
@@ -820,7 +885,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with loading text in to links.
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000000.html
 
-=== 0.6.0
+## 0.6.0
 
 * Changed main parser to use hpricot
 * Made WWW::Mechanize::Page class searchable like hpricot
@@ -832,7 +897,7 @@ Mechanize is now under the MIT license
 * Removed REXML helper methods since the main parser is now hpricot
 * Overhauled cookie parser to use WEBrick::Cookie
 
-=== 0.5.4
+## 0.5.4
 
 * Added WWW::Mechanize#trasact for saving history state between in a
   transaction.  See the EXAMPLES file.  Thanks Johan Kiviniemi.
@@ -847,7 +912,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with saving files on windows
 * Fixed a bug with the filename being set in forms
 
-=== 0.5.3
+## 0.5.3
 
 * Mechanize#click will now act on the first element of an array.  So if an
   array of links is passed to WWW::Mechanize#click, the first link is clicked.
@@ -865,7 +930,7 @@ Mechanize is now under the MIT license
 * Updated log4r support for a speed increase.  Thanks Yinon Bentor
 * Added inspect methods and pretty printing
 
-=== 0.5.2
+## 0.5.2
 
 * Fixed a bug with input names that are nil
 * Added a warning when using attr_finder because attr_finder will be deprecated
@@ -882,12 +947,12 @@ Mechanize is now under the MIT license
   WWW::Mechanize::Form#set_fields.  Which can be used like so:
    form.set_fields( :foo => 'bar', :name => 'Aaron' )
 
-=== 0.5.1
+## 0.5.1
 
 * Fixed bug with file uploads
 * Added performance tweaks to the cookie class
 
-=== 0.5.0
+## 0.5.0
 
 * Added pluggable parsers. (Thanks to Eric Kolve for the idea)
 * Changed namespace so all classes are under WWW::Mechanize.
@@ -902,7 +967,7 @@ Mechanize is now under the MIT license
 * Removed support for body filters in favor of pluggable parsers.
 * Fixed cookie bug adding a '/' when the url is missing one (Thanks Nick Dainty)
 
-=== 0.4.7
+## 0.4.7
 
 * Fixed bug with no action in forms.  Thanks to Adam Wiggins
 * Setting a default user-agent string
@@ -911,7 +976,7 @@ Mechanize is now under the MIT license
   (thanks to Gregory Brown)
 * Added WWW::Mechanize#get_file for fetching non text/html files
 
-=== 0.4.6
+## 0.4.6
 
 * Added support for proxies
 * Added a uri field to WWW::Link
@@ -922,7 +987,7 @@ Mechanize is now under the MIT license
   allows syntax as such:    form.fields.name('q').value = 'xyz'
   Before it was like this:  form.fields.name('q').first.value = 'xyz'
 
-=== 0.4.5
+## 0.4.5
 
 * Added support for multiple values of the same name
 * Updated build_query_string to take an array of arrays (Thanks Michal Janeczek)
@@ -932,13 +997,13 @@ Mechanize is now under the MIT license
 * Fixed a bug with empty select lists
 * Fixing a problem with cookies not handling no spaces after semicolons
 
-=== 0.4.4
+## 0.4.4
 
 * Fixed error in method signature, basic_authetication is now basic_auth
 * Fixed bug with encoding names in file uploads (Big thanks to Alex Young)
 * Added options to the select list
 
-=== 0.4.3
+## 0.4.3
 
 * Added syntactic sugar for finding things
 * Fixed bug with HttpOnly option in cookies
@@ -946,21 +1011,21 @@ Mechanize is now under the MIT license
 * Defaulted dropdown lists to the first element
 * Added unit tests
 
-=== 0.4.2
+## 0.4.2
 
 * Added support for iframes
 * Made mechanize dependant on ruby-web rather than narf
 * Added unit tests
 * Fixed a bunch of warnings
 
-=== 0.4.1
+## 0.4.1
 
 * Added support for file uploading
 * Added support for frames (Thanks Gabriel[mailto:leerbag@googlemail.com])
 * Added more unit tests
 * Fixed some bugs
 
-=== 0.4.0
+## 0.4.0
 
 * Added more unit tests
 * Added a cookie jar with better cookie support, included expiration of cookies