mechanize 2.7.6 → 2.12.2

data/{CHANGELOG.rdoc → CHANGELOG.md}

@@ -1,6 +1,142 @@
-= Mechanize CHANGELOG
+# Mechanize CHANGELOG
 
-=== 2.7.6
+## 2.12.2 / 2023-10-02
+
+* Quash warnings from `Mime::Type.new` in `mime-types` v3.6.0. (#655) @avk
+
+
+## 2.12.1 / 2024-08-21
+
+* Introduce experimental support for handling Zstd-compressed responses (CRuby only). (#652) @adrianodennanni
+
+
+## 2.12.0 / 2024-07-29
+
+* Introduce experimental support for handling Brotli-compressed responses (CRuby only). (#650) @weshatheleopard
+
+
+## 2.11.0 / 2024-07-18
+
+* The `accept-charset` header is no longer sent. In early versions of Mechanize, circa 2007, this was a common header but now no modern browser sends it, and servers are instructed to ignore it. See #646 for an example of a server that is confused by its presence. (#647) @flavorjones
+
+
+## 2.10.1 / 2024-06-12
+
+* Improve page encoding error recovery on pages with broken encoding when used with libxml2 >= 2.12.0. (#644) @flavorjones
+
+
+## 2.10.0 / 2024-01-22
+
+* Add `nkf` and `base64` as explicit dependencies, since they are being unbundled in Ruby 3.4. (#634) @flavorjones
+
+
+## 2.9.2 / 2024-01-15
+
+* Correct spelling errors in documentation. (#631) @p-linnane
+* Updated User-Agent strings to represent modern browser versions. (#632) @takatea
+
+
+## 2.9.1 / 2023-04-17
+
+### Update
+
+* Updated User-Agent strings to represent modern browser versions. (#612) Thank you, @takatea!
+
+
+## 2.9.0 / 2023-04-07
+
+### Requirements
+
+* Mechanize now requires Ruby 2.6 or newer.
+
+
+### Improvement
+
+* Mechanize can now parse frozen strings. (#610)
+
+
+## 2.8.5 / 2022-06-09
+
+### Security
+
+Fixes low-severity CVE-2022-31033, "Authorization header leak on port redirect." See [GHSA-64qm-hrgp-pgr9](https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9) for more details.
+
+
+## 2.8.4 / 2022-01-17
+
+### Fix
+
+* `Mechanize::CookieJar#load` calls `Psych.safe_load` when using Psych >= 3.1
+
+
+## 2.8.3 / 2021-11-11
+
+### Update
+
+* Update the "Linux Firefox" user agent string to rev94 (#587) Thank you, @ncs1!
+
+
+## 2.8.2 / 2021-08-06
+
+### Dependencies
+
+* Update dependency on Addressable from `~>2.7` to `~>2.8`. (#584) @yidingww
+
+
+## 2.8.1 / 2021-05-09
+
+### Fix
+
+* Gracefully handle parsing errors that contain an invalid byte sequence. Previously, if libxml2 registered a parsing error that itself contained invalid encoding, an exception might be raised. (#553)
+
+
+## 2.8.0 / 2021-04-01
+
+### Requirements
+
+* Mechanize now requires Ruby 2.5 or newer.
+* Move from `ntlm-http` to `rubyntlm` gem. (#495, #574)
+
+### New Features
+
+* Page::Link#uri now handles non-ASCII `href`s. (#569) @terryyin
+* FileConnection supports Windows drive letters (#483)
+* Credential headers 'Authorization' and 'Cookie' are deleted on cross-origin redirects. (#538) @kyoshidajp
+* ContentDispositionParser handles ISO8601 date headers, to be robust with websites that ignore RFC2183. (#554) @reitermarkus
+
+### Bug fix
+
+* POST headers 'Content-Length', 'Content-MD5', and 'Content-Type' are deleted in a case-insensitive manner on redirects. Previously these headers were treated as case-sensitive.
+
+
+## 2.7.7 / 2021-02-01
+
+* Security fixes for CVE-2021-21289
+
+  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected into several classes'
+  methods via implicit use of Ruby's `Kernel.open` method. Exploitation is possible only if
+  untrusted input is used as a local filename and passed to any of these calls:
+
+  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
+  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
+  - `Mechanize#download`: since v2.2 (see dc91667)
+  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
+  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
+  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)
+
+  See https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g for more
+  information.
+
+  Also see #547, #548. Thank you, @kyoshidajp!
+
+* New Features
+  * Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557) @pvalena
+
+* Bug fix
+  * Ignore input fields with blank names (#542, #536)
+
+
+## 2.7.6
 
 * New Features
   * Mechanize#set_proxy accepts an HTTP URL/URI. (#513)
@@ -9,10 +145,10 @@
   * Fix element(s)_with(search: selector) methods not working for forms, form fields and frames. (#444)
   * Improve the filename parser for the `Content-Disposition` header. (#496, #517)
   * Accept `Content-Encoding: identity`. (#515)
-  * Mechanize::Page#title no longer picks a title in an embeded SVG/RDF element. (#503)
+  * Mechanize::Page#title no longer picks a title in an embedded SVG/RDF element. (#503)
   * Make Mechanize::Form#has_field? boolean. (#501)
 
-=== 2.7.5
+## 2.7.5
 
 * New Features
   * All 4xx responses and RedirectLimitReachedError when fetching robots.txt are treated as full allow just like Googlebot does.
@@ -23,7 +159,7 @@
   * Fix basic authentication for a realm that contains uppercase characters. (#458, #459)
   * Fix encoding error when uploading a file which name is non-ASCII. (#333)
 
-=== 2.7.4
+## 2.7.4
 
 * New Features
   * Accept array-like and hash-like values as query/parameter value.
@@ -45,7 +181,7 @@
   * Fix whitespace bug in WWW-Authenticate. #451, #450, by Rasmus Bergholdt
   * Don't allow redirect from a non-file URL to a file URL for security reasons. (#455)
 
-=== 2.7.3
+## 2.7.3
 
 * New Features
   * Allow net-http-persistent instance to be named. #324, John Weir.
@@ -56,34 +192,33 @@
   * Ensure Download#save! defaults back to original filename if
     none is provided (#300)
 
-=== 2.7.2
+## 2.7.2
 
 * Bug fix
   * API compatibility issues with Mechanize::CookieJar cookies has been
     addressed.  https://github.com/sparklemotion/http-cookie/issues/2 #326
 
-=== 2.7.1
+## 2.7.1
 
 * Bug fix
   * Ensure images with no "src" attribute still return correct URLs. #317
   * Fixes Mechanize::Parser#extract_filename where an empty string filename
     in the response caused unhandled exception. #318
 
-=== 2.7.0
+## 2.7.0
 
 * New Features
   * Mechanize::Agent#response_read will now raise a
     Mechanize::ResponseReadError instead of an EOFError and avoid losing
     requested content. #296.
-  * Depend on http-cookie, add backwards compatible deprecations.
-    #257 Akinori MUSHA.
+  * Depend on http-cookie, add backwards compatible deprecations. #257 Akinori MUSHA.
   * Added `Download#save!` for overwriting existing files. #300 Sean Kim.
 
 * Bug fix
   * Ensure page URLs with whitespace in them are escaped #313 @pacop.
   * Added a workaround for a bug of URI#+ that led to failure in resolving a relative path containing double slash like "/../http://.../". #304
 
-=== 2.6.0
+## 2.6.0
 
 * New Features
   * Mechanize#start and Mechanize#shutdown (Thanks, Damian Janowski!)
@@ -105,19 +240,16 @@
   * Added iPad and Android user agents.  #277 by sambit, #278 by seansay.
 
 * Bug fix
-  * Mechanize#cert and Mechanize#key now return the values set by
-    #cert= and #key=. #244, #245 (Thanks, Robert Gogolok!)
-  * Mechanize no longer submits disabled form fields.  #276 by Bogdan Gusiev,
-    #279 by Ricardo Valeriano.
+  * Mechanize#cert and Mechanize#key now return the values set by #cert= and #key=. #244, #245 (Thanks, Robert Gogolok!)
+  * Mechanize no longer submits disabled form fields.  #276 by Bogdan Gusiev, #279 by Ricardo Valeriano.
   * Mechanize::File#save now behaves like Mechanize::Download#save in
-    that it will create the parent directory before saving.
-    #272, #280 by Ryan Kowalick
+    that it will create the parent directory before saving. #272, #280 by Ryan Kowalick
   * Ensure `application/xml` is registered as an XML parser in
     `PluggableParser`, not just `text/xml`. #266 James Gregory
   * Mechanize now writes cookiestxt with a prefixed dot for wildcard domain
     handling. #295 by Mike Morearty.
 
-=== 2.5.2
+## 2.5.2
 
 * New Features
   * Mechanize::CookieJar#save_as takes a keyword option "session" to say
@@ -131,18 +263,17 @@
     In mechanize 3 the old "Mac FireFox" user-agent alias will be removed.
     Pull request #231 by Gavin Miller.
   * Mechanize now authenticates using the raw challenge, not a reconstructed
-    one, to avoid dealing with quoting rules of RFC 2617.  Fixes failures in
-    #231 due to net-http-digest_auth 1.2.1
+    one, to avoid dealing with quoting rules of RFC 2617.  Fixes failures in #231 due to net-http-digest_auth 1.2.1
   * Fixed Content-Disposition parameter parser to be case insensitive. #233
   * Fixed redirection counting in following meta refresh. #240
 
-=== 2.5.1
+## 2.5.1
 
 * Bug fix
   * Mechanize no longer copies POST requests during a redirect which was
     introduced by #215.  Pull request #229 by Godfrey Chan.
 
-=== 2.5
+## 2.5
 
 * Minor enhancements
   * Added Mechanize#ignore_bad_chunking for working around servers that don't
@@ -163,12 +294,11 @@
     terminate chunked transfer-encoding properly.  Issue #116
   * Mechanize no longer raises an exception when multiple identical
     radiobuttons are checked.  Issue #214 by Matthias Guenther
-  * Fixed documentation for pre_connect_hooks and post_connect_hooks.  Issue
-    #226 by Robert Poor
+  * Fixed documentation for pre_connect_hooks and post_connect_hooks.  Issue #226 by Robert Poor
   * Worked around ruby 1.8 run with -Ku and ISO-8859-1 encoded characters in
     URIs.  Issue #228 by Stanislav O.Pogrebnyak
 
-=== 2.4
+## 2.4
 
 * Security fix:
 
@@ -191,7 +321,7 @@
   * Improved exception messages for 401 Unauthorized responses.  Mechanize now
     tells you if you were missing credentials, had an incorrect password, etc.
 
-=== 2.3 / 2012-02-20
+## 2.3 / 2012-02-20
 
 * Minor enhancements
   * Add support for the Max-Age attribute in the Set-Cookie header.
@@ -211,14 +341,14 @@
   * Cookies with an empty Expires attribute value were stored as session
     cookies but cookies without the Expires attribute were not.  Issue #78
 
-=== 2.2.1 / 2012-02-13
+## 2.2.1 / 2012-02-13
 
 * Bug fixes
   * Add missing file to the gem, ensure that missing files won't cause
     failures again.  Issue #201 by Alex
   * Fix minor grammar issue in README.  Issue #200 by Shane Becker.
 
-=== 2.2 / 2012-02-12
+## 2.2 / 2012-02-12
 
 * API changes
   * MetaRefresh#href is not normalized to an absolute URL, but set to the
@@ -230,8 +360,7 @@
   * SSL parameters and proxy may now be set at any time.  Issue #194 by
     dsisnero.
   * Improved Mechanize::Page with #image_with and #images_with and
-    Mechanize::Page::Image various img element attribute accessors, #caption,
-    #extname, #mime_type and #fetch.  Pull request #173 by kitamomonga
+    Mechanize::Page::Image various img element attribute accessors, #caption, #extname, #mime_type and #fetch.  Pull request #173 by kitamomonga
   * Added MIME type parsing for content-types in Mechanize::PluggableParser
     for fine-grained parser choices.  Parsers will be chosen based on exact
     match, simplified type or media type in that order.  See
@@ -253,7 +382,7 @@
   * A link with an empty href is now resolved correctly where previously the
     query part was dropped.
 
-=== 2.1.1 / 2012-02-03
+## 2.1.1 / 2012-02-03
 
 * Bug fixes
   * Set missing idle_timeout default.  Issue #196
@@ -281,7 +410,7 @@
   * Documented how to convert a Mechanize::ResponseReadError into a File or
     Page, along with a new method #force_parse.  Issue #176
 
-=== 2.1 / 2011-12-20
+## 2.1 / 2011-12-20
 
 * Deprecations
   * Mechanize#get no longer accepts an options hash.
@@ -294,8 +423,7 @@
   * SSL connections will be verified against the system certificate store by
     default.
   * Added Mechanize#retry_change_requests to allow mechanize to retry POST and
-    other non-idempotent requests when you know it is safe to do so.  Issue
-    #123
+    other non-idempotent requests when you know it is safe to do so.  Issue #123
   * Mechanize can now stream files directly to disk without loading them into
     memory first through Mechanize::Download, a pluggable parser for
     downloading files.
@@ -310,8 +438,7 @@
       agent.pluggable_parser.default = Mechanize::Download
   * Added Mechanize#content_encoding_hooks which allow handling of
     non-standard content encodings like "agzip".  Patch #125 by kitamomonga
-  * Added dom_class to elements and the element matcher like dom_id.  Patch
-    #156 by Dan Hansen.
+  * Added dom_class to elements and the element matcher like dom_id.  Patch #156 by Dan Hansen.
   * Added support for the HTML5 keygen form element.  See
     http://dev.w3.org/html5/spec/Overview.html#the-keygen-element  Patch #157
     by Victor Costan.
@@ -324,8 +451,8 @@
   * When given multiple HTTP authentication options mechanize now picks the
     strongest method.
   * Improvements to HTTP authorization:
-    * mechanize raises Mechanize::UnathorizedError for 401 responses which is
-      a sublcass of Mechanize::ResponseCodeError.
+    * mechanize raises Mechanize::UnauthorizedError for 401 responses which is
+      a subclass of Mechanize::ResponseCodeError.
     * Added support for NTLM authentication, but this has not been tested.
   * Mechanize::Cookie.new accepts attributes in a hash.
   * Mechanize::CookieJar#<<(cookie) (alias: add!) is added.  Issue #139
@@ -360,11 +487,10 @@
   * The original Referer value persists on redirection.  Issue #150
   * Do not send a referer on a Refresh header based redirection.
   * Fixed encoding error in tests when LANG=C.  Patch #142 by jinschoi.
-  * The order of items in a form submission now match the DOM order.  Patch
-    #129 by kitamomonga
+  * The order of items in a form submission now match the DOM order.  Patch #129 by kitamomonga
   * Fixed proxy example in EXAMPLE.  Issue #146 by NielsKSchjoedt
 
-=== 2.0.1 / 2011-06-28
+## 2.0.1 / 2011-06-28
 
 Mechanize now uses minitest to avoid 1.9 vs 1.8 assertion availability in
 test/unit
@@ -375,7 +501,7 @@ test/unit
   * Mechanize#keep_alive_time no longer crashes but does nothing as
     net-http-persistent does not support HTTP/1.0 keep-alive extensions.
 
-=== 2.0 / 2011-06-27
+## 2.0 / 2011-06-27
 
 Mechanize is now under the MIT license
 
@@ -417,7 +543,7 @@ Mechanize is now under the MIT license
 
 * New Features
 
-  * Add header reference methods to Mechanize::File so that a reponse
+  * Add header reference methods to Mechanize::File so that a response
     object gets compatible with Net::HTTPResponse.
   * Mechanize#click accepts a regexp or string to click a button/link in the
     current page. It works as expected when not passed a string or regexp.
@@ -429,8 +555,7 @@ Mechanize is now under the MIT license
   * Mechanize now implements session cookies.  GH #78
   * Mechanize now implements deflate decoding.  GH #40
   * Mechanize now allows a certificate and key to be passed directly.  GH #71
-  * Mechanize::Form::MultiSelectList now implements #option_with and
-    #options_with.  GH #42
+  * Mechanize::Form::MultiSelectList now implements #option_with and #options_with.  GH #42
   * Add Mechanize::Page::Link#rel and #rel?(kind) to read and test the rel
     attribute.
   * Add Mechanize::Page#canonical_uri to read a </tt><link
@@ -483,7 +608,7 @@ Mechanize is now under the MIT license
   * Mechanize::Page::Link#uri now handles both escaped and unescaped hrefs.
     GH #107
 
-=== 1.0.0
+## 1.0.0
 
 * New Features:
 
@@ -501,7 +626,7 @@ Mechanize is now under the MIT license
   * Fixing default values with serialized cookies. GH #3
   * Checkboxes and fields are sorted by page appearance before submitting. #11
 
-=== 0.9.3
+## 0.9.3
 
 * Bug Fixes:
 
@@ -519,7 +644,7 @@ Mechanize is now under the MIT license
   * Fixed a bug with double semi-colons in Content-Disposition headers
   * Properly handling cookies that specify a path.  RF #25259
 
-=== 0.9.2 / 2009/03/05
+## 0.9.2 / 2009/03/05
 
 * New Features:
   * Mechanize#submit and Form#submit take arbitrary headers(thanks penguincoder)
@@ -532,7 +657,7 @@ Mechanize is now under the MIT license
   * Made Content-Type match case insensitive (Thanks Kelly Reynolds)
   * Non-string form parameters work
 
-=== 0.9.1 2009/02/23
+## 0.9.1 2009/02/23
 
 * New Features:
   * Encoding may be specified for a page: Page#encoding=
@@ -548,7 +673,7 @@ Mechanize is now under the MIT license
   * WAP content types will now be parsed
   * Rescued poorly formatted cookies.  Thanks Kelley Reynolds!
 
-=== 0.9.0
+## 0.9.0
 
 * Deprecations
   * WWW::Mechanize::List is gone!
@@ -558,7 +683,7 @@ Mechanize is now under the MIT license
 * Bug Fixes:
   * Nil check on page when base tag is used #23021
 
-=== 0.8.5
+## 0.8.5
 
 * Deprecations
   * WWW::Mechanize::List will be deprecated in 0.9.0, and warnings have
@@ -582,28 +707,28 @@ Mechanize is now under the MIT license
   * Mechanize#get requests no longer send a referer unless they are relative
     requests.
 
-=== 0.8.4
+## 0.8.4
 
 * Bug Fixes:
   * Setting the port number on the host header.
   * Fixing Authorization headers for picky servers
 
-=== 0.8.3
+## 0.8.3
 
 * Bug Fixes:
   * Making sure logger is set during SSL connections.
 
-=== 0.8.2
+## 0.8.2
 
 * Bug Fixes:
   * Doh!  I was accidentally setting headers twice.
 
-=== 0.8.1
+## 0.8.1
 
 * Bug Fixes:
   * Fixed problem with nil pointer when logger is set
 
-=== 0.8.0
+## 0.8.0
 
 * New Features:
   * Lifecycle hooks.  Mechanize#pre_connect_hooks, Mechanize#post_connect_hooks
@@ -617,7 +742,7 @@ Mechanize is now under the MIT license
   * Only setting headers once
   * Adding IIS authentication support
 
-=== 0.7.8
+## 0.7.8
 
 * Bug Fixes:
   * Fixed bug when receiving a 304 response (HTTPNotModified) on a page not
@@ -625,7 +750,7 @@ Mechanize is now under the MIT license
   * #21428 Default to HTML parser for 'application/xhtml+xml' content-type.
   * Fixed an issue where redirects were resending posted data
 
-=== 0.7.7
+## 0.7.7
 
 * New Features:
   * Page#form_with takes a +criteria+ hash.
@@ -643,10 +768,10 @@ Mechanize is now under the MIT license
     http://d.hatena.ne.jp/kitamomonga/20080410/ruby_mechanize_percent_url_bug
   * #21132 Not checking for EOF errors on redirect
   * Fixed a weird gzipping error.
-  * #21233 Smarter multipart boundry. Thanks Todd Willey!
+  * #21233 Smarter multipart boundary. Thanks Todd Willey!
   * #20097 Supporting meta tag cookies.
 
-=== 0.7.6
+## 0.7.6
 
 * New Features:
   * Added support for reading Mozilla cookie jars.  Thanks Chris Riddoch!
@@ -669,32 +794,32 @@ Mechanize is now under the MIT license
   * Supporting blank strings for option values.
     http://rubyforge.org/tracker/index.php?func=detail&aid=19975&group_id=1453&atid=5709
 
-=== 0.7.5
+## 0.7.5
 
 * Fixed a bug when fetching files and not pages.  Thanks Mat Schaffer!
 
-=== 0.7.4
+## 0.7.4
 
 * doh!
 
-=== 0.7.3
+## 0.7.3
 
 * Pages are now yielded to a blocks given to WWW::Mechanize#get
 * WWW::Mechanize#get now takes hash arguments for uri parameters.
 * WWW::Mechanize#post takes an IO object as a parameter and posts correctly.
 * Fixing a strange zlib inflate problem on windows
 
-=== 0.7.2
+## 0.7.2
 
 * Handling gzipped responses with no Content-Length header
 
-=== 0.7.1
+## 0.7.1
 
 * Added iPhone to the user agent aliases. [#17572]
 * Fixed a bug with EOF errors in net/http.  [#17570]
 * Handling 0 length gzipped responses. [#17471]
 
-=== 0.7.0
+## 0.7.0
 
 * Removed Ruby 1.8.2 support
 * Changed parser to lazily parse links
@@ -702,7 +827,7 @@ Mechanize is now under the MIT license
 * Adding verify_callback for SSL requests.  Thanks Mike Dalessio!
 * Fixed a bug with Accept-Language header.  Thanks Bill Siggelkow.
 
-=== 0.6.11
+## 0.6.11
 
 * Detecting single quotes in meta redirects.
 * Adding pretty inspect for ruby versions > 1.8.4 (Thanks Joel Kociolek)
@@ -713,7 +838,7 @@ Mechanize is now under the MIT license
 * Added a FAQ
   http://rubyforge.org/tracker/?func=detail&aid=15772&group_id=1453&atid=5709
 
-=== 0.6.10
+## 0.6.10
 
 * Made digest authentication work with POSTs.
 * Made sure page was HTML before following meta refreshes.
@@ -732,7 +857,7 @@ Mechanize is now under the MIT license
 * Aliasing inspect to pretty_inspect.  Thanks Eric Promislow.
   http://rubyforge.org/pipermail/mechanize-users/2007-July/000157.html
 
-=== 0.6.9
+## 0.6.9
 
 * Updating UTF-8 support for urls
 * Adding AREA tags to the links list.
@@ -744,7 +869,7 @@ Mechanize is now under the MIT license
 * Added Digest Authentication support.  Thanks to Ryan Davis and Eric Hodel,
   you get a gold star!
 
-=== 0.6.8
+## 0.6.8
 
 * Keep alive can be shut off now with WWW::Mechanize#keep_alive
 * Conditional requests can be shut off with WWW::Mechanize#conditional_requests
@@ -752,25 +877,25 @@ Mechanize is now under the MIT license
 * [#9877] Moved last request time.  Thanks Max Stepanov
 * Added WWW::Mechanize::File#save
 * Defaulting file name to URI or Content-Disposition
-* Updating compatability with hpricot
+* Updating compatibility with hpricot
 * Added more unit tests
 
-=== 0.6.7
+## 0.6.7
 
 * Fixed a bug with keep-alive requests
 * [#9549] fixed problem with cookie paths
 
-=== 0.6.6
+## 0.6.6
 
 * Removing hpricot overrides
 * Fixed a bug where alt text can be nil.  Thanks Yannick!
-* Unparseable expiration dates in cookies are now treated as session cookies
+* Unparsable expiration dates in cookies are now treated as session cookies
 * Caching connections
 * Requests now default to keep alive
 * [#9434] Fixed bug where html entities weren't decoded
 * [#9150] Updated mechanize history to deal with redirects
 
-=== 0.6.5
+## 0.6.5
 
 * Copying headers to a hash to prevent memory leaks
 * Speeding up page parsing
@@ -785,7 +910,7 @@ Mechanize is now under the MIT license
   http://rubyforge.org/tracker/?func=detail&aid=7563&group_id=1453&atid=5709
 * Added MSIE 7.0 user agent string
 
-=== 0.6.4
+## 0.6.4
 
 * Adding the "redirect_ok" method to Mechanize to stop mechanize from
   following redirects.
@@ -802,7 +927,7 @@ Mechanize is now under the MIT license
 * Fixed bug [#6548].  Input type of 'button' was not being added as a button.
 * Fixed bug [#7139]. REXML parser calls hpricot parser by accident
 
-=== 0.6.3
+## 0.6.3
 
 * Added keys and values methods to Form
 * Added has_value? to Form
@@ -817,7 +942,7 @@ Mechanize is now under the MIT license
 * Fixed a bug where '#' symbols are encoded
   http://rubyforge.org/forum/message.php?msg_id=14747
 
-=== 0.6.2
+## 0.6.2
 
 * Added a yield to Page#form so that dealing with forms can be more DSL like.
 * Added the parsed page to the ResponseCodeError so that the parsed results
@@ -825,12 +950,12 @@ Mechanize is now under the MIT license
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000007.html
 * Updated documentation (Thanks to Paul Smith)
 
-=== 0.6.1
+## 0.6.1
 
 * Added a method to Form called "submit".  Now forms can be submitted by
   calling a method on the form.
 * Added a click method to links
-* Added an REXML pluggable parser for backwards compatability.  To use it,
+* Added an REXML pluggable parser for backwards compatibility.  To use it,
   just do this:
    agent.pluggable_parser.html = WWW::Mechanize::REXMLPage
 * Fixed a bug with referrers by adding a page attribute to forms and links.
@@ -843,7 +968,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with loading text in to links.
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000000.html
 
-=== 0.6.0
+## 0.6.0
 
 * Changed main parser to use hpricot
 * Made WWW::Mechanize::Page class searchable like hpricot
@@ -855,7 +980,7 @@ Mechanize is now under the MIT license
 * Removed REXML helper methods since the main parser is now hpricot
 * Overhauled cookie parser to use WEBrick::Cookie
 
-=== 0.5.4
+## 0.5.4
 
 * Added WWW::Mechanize#trasact for saving history state between in a
   transaction.  See the EXAMPLES file.  Thanks Johan Kiviniemi.
@@ -870,7 +995,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with saving files on windows
 * Fixed a bug with the filename being set in forms
 
-=== 0.5.3
+## 0.5.3
 
 * Mechanize#click will now act on the first element of an array.  So if an
   array of links is passed to WWW::Mechanize#click, the first link is clicked.
@@ -888,7 +1013,7 @@ Mechanize is now under the MIT license
 * Updated log4r support for a speed increase.  Thanks Yinon Bentor
 * Added inspect methods and pretty printing
 
-=== 0.5.2
+## 0.5.2
 
 * Fixed a bug with input names that are nil
 * Added a warning when using attr_finder because attr_finder will be deprecated
@@ -905,12 +1030,12 @@ Mechanize is now under the MIT license
   WWW::Mechanize::Form#set_fields.  Which can be used like so:
    form.set_fields( :foo => 'bar', :name => 'Aaron' )
 
-=== 0.5.1
+## 0.5.1
 
 * Fixed bug with file uploads
 * Added performance tweaks to the cookie class
 
-=== 0.5.0
+## 0.5.0
 
 * Added pluggable parsers. (Thanks to Eric Kolve for the idea)
 * Changed namespace so all classes are under WWW::Mechanize.
@@ -925,7 +1050,7 @@ Mechanize is now under the MIT license
 * Removed support for body filters in favor of pluggable parsers.
 * Fixed cookie bug adding a '/' when the url is missing one (Thanks Nick Dainty)
 
-=== 0.4.7
+## 0.4.7
 
 * Fixed bug with no action in forms.  Thanks to Adam Wiggins
 * Setting a default user-agent string
@@ -934,7 +1059,7 @@ Mechanize is now under the MIT license
   (thanks to Gregory Brown)
 * Added WWW::Mechanize#get_file for fetching non text/html files
 
-=== 0.4.6
+## 0.4.6
 
 * Added support for proxies
 * Added a uri field to WWW::Link
@@ -945,7 +1070,7 @@ Mechanize is now under the MIT license
   allows syntax as such:    form.fields.name('q').value = 'xyz'
   Before it was like this:  form.fields.name('q').first.value = 'xyz'
 
-=== 0.4.5
+## 0.4.5
 
 * Added support for multiple values of the same name
 * Updated build_query_string to take an array of arrays (Thanks Michal Janeczek)
@@ -955,13 +1080,13 @@ Mechanize is now under the MIT license
 * Fixed a bug with empty select lists
 * Fixing a problem with cookies not handling no spaces after semicolons
 
-=== 0.4.4
+## 0.4.4
 
-* Fixed error in method signature, basic_authetication is now basic_auth
+* Fixed error in method signature, basic_authentication is now basic_auth
 * Fixed bug with encoding names in file uploads (Big thanks to Alex Young)
 * Added options to the select list
 
-=== 0.4.3
+## 0.4.3
 
 * Added syntactic sugar for finding things
 * Fixed bug with HttpOnly option in cookies
@@ -969,21 +1094,21 @@ Mechanize is now under the MIT license
 * Defaulted dropdown lists to the first element
 * Added unit tests
 
-=== 0.4.2
+## 0.4.2
 
 * Added support for iframes
 * Made mechanize dependant on ruby-web rather than narf
 * Added unit tests
 * Fixed a bunch of warnings
 
-=== 0.4.1
+## 0.4.1
 
 * Added support for file uploading
 * Added support for frames (Thanks Gabriel[mailto:leerbag@googlemail.com])
 * Added more unit tests
 * Fixed some bugs
 
-=== 0.4.0
+## 0.4.0
 
 * Added more unit tests
 * Added a cookie jar with better cookie support, included expiration of cookies