mechanize 2.7.6 → 2.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7e684f2f1ceb7fca81909282b30a28c04272caef
-  data.tar.gz: c08ef7e0f2aefd788f9808175afb4f97bce60b3f
+SHA256:
+  metadata.gz: 98e75d76ae1e421fbdb7f7ff435759e0799612f41d55918cf82bd77e689399bb
+  data.tar.gz: 439d3bf9e35c76a8f8e80daff1e76ad89c8fe3a1b9fd436f6274d1f7f4d1c2f4
 SHA512:
-  metadata.gz: fed2bde694313e6ddae6d44bbbf0ac90aa6b651ab7027628125b2095b33a73dc3fdaf8481335197ab0cf9cbea7c9dfa9396f4e3c4199cdc3563f76b20728f18c
-  data.tar.gz: a547f0f8d1c6f8d0b7c8ff580e487b64b79fbec3cca64a514407243529248e6892f66d9af746bc6c429458750e7b5782510cb3e8180f8464f08c8c0c0c0351b9
+  metadata.gz: da510c4185aea0860d0b48b37c78d69db0b399374d1b79a4d54c8eb6748f8b9d9b4a946e050b673467ee5b808ecb298d13fb8e4dc0f41d4c62afdea8a8da4acc
+  data.tar.gz: 571af8b0552b726c32dbf4c9818fba409011c633cf0eed3e355ab6f63b605d7a8d1313ab638ee474933115e9415d046ac95595cb1ac37dfa4a49aeb69698149a

data/.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"

data/.github/workflows/ci-test.yml

@@ -0,0 +1,53 @@
+name: "ci"
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: "3.0"
+        bundler-cache: true
+    - run: bundle exec rake rubocop
+
+  test:
+    needs: ["rubocop"]
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ["2.5", "2.6", "2.7", "3.0", "jruby", "truffleruby-head"]
+
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{matrix.ruby-version}}
+        bundler-cache: true
+    - run: bundle exec rake test
+
+  test-platform:
+    needs: ["rubocop"]
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: ["windows-latest", "macos-latest"]
+
+    runs-on: ${{matrix.platform}}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: "3.0"
+        bundler-cache: true
+    - run: bundle exec rake test

data/.yardopts

@@ -0,0 +1,8 @@
+--main=README.md
+lib/**/*.rb
+-
+README.md
+LICENSE.txt
+CHANGELOG.md
+GUIDE.rdoc
+EXAMPLES.rdoc

data/{CHANGELOG.rdoc → CHANGELOG.md}

@@ -1,6 +1,66 @@
-= Mechanize CHANGELOG
+# Mechanize CHANGELOG
 
-=== 2.7.6
+## 2.8.2 / 2021-08-06
+
+### Dependencies
+
+* Update dependency on Addressable from `~>2.7` to `~>2.8`. (#584) @yidingww
+
+
+## 2.8.1 / 2021-05-09
+
+### Fix
+
+* Gracefully handle parsing errors that contain an invalid byte sequence. Previously, if libxml2 registered a parsing error that itself contained invalid encoding, an exception might be raised. (#553)
+
+
+## 2.8.0 / 2021-04-01
+
+### Requirements
+
+* Mechanize now requires Ruby 2.5 or newer.
+* Move from `ntlm-http` to `rubyntlm` gem. (#495, #574)
+
+### New Features
+
+* Page::Link#uri now handles non-ASCII `href`s. (#569) @terryyin
+* FileConnection supports Windows drive letters (#483)
+* Credential headers 'Authorization' and 'Cookie' are deleted on cross-origin redirects. (#538) @kyoshidajp
+* ContentDispositionParser handles ISO8601 date headers, to be robust with websites that ignore RFC2183. (#554) @reitermarkus
+
+### Bug fix
+
+* POST headers 'Content-Length', 'Content-MD5', and 'Content-Type' are deleted in a case-insensitive manner on redirects. Previously these headers were treated as case-sensitive.
+
+
+## 2.7.7 / 2021-02-01
+
+* Security fixes for CVE-2021-21289
+
+  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected into several classes'
+  methods via implicit use of Ruby's `Kernel.open` method. Exploitation is possible only if
+  untrusted input is used as a local filename and passed to any of these calls:
+
+  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
+  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
+  - `Mechanize#download`: since v2.2 (see dc91667)
+  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
+  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
+  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)
+
+  See https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g for more
+  information.
+
+  Also see #547, #548. Thank you, @kyoshidajp!
+
+* New Features
+  * Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557) @pvalena
+
+* Bug fix
+  * Ignore input fields with blank names (#542, #536)
+
+
+## 2.7.6
 
 * New Features
   * Mechanize#set_proxy accepts an HTTP URL/URI. (#513)
@@ -12,7 +72,7 @@
   * Mechanize::Page#title no longer picks a title in an embeded SVG/RDF element. (#503)
   * Make Mechanize::Form#has_field? boolean. (#501)
 
-=== 2.7.5
+## 2.7.5
 
 * New Features
   * All 4xx responses and RedirectLimitReachedError when fetching robots.txt are treated as full allow just like Googlebot does.
@@ -23,7 +83,7 @@
   * Fix basic authentication for a realm that contains uppercase characters. (#458, #459)
   * Fix encoding error when uploading a file which name is non-ASCII. (#333)
 
-=== 2.7.4
+## 2.7.4
 
 * New Features
   * Accept array-like and hash-like values as query/parameter value.
@@ -45,7 +105,7 @@
   * Fix whitespace bug in WWW-Authenticate. #451, #450, by Rasmus Bergholdt
   * Don't allow redirect from a non-file URL to a file URL for security reasons. (#455)
 
-=== 2.7.3
+## 2.7.3
 
 * New Features
   * Allow net-http-persistent instance to be named. #324, John Weir.
@@ -56,34 +116,33 @@
   * Ensure Download#save! defaults back to original filename if
     none is provided (#300)
 
-=== 2.7.2
+## 2.7.2
 
 * Bug fix
   * API compatibility issues with Mechanize::CookieJar cookies has been
     addressed.  https://github.com/sparklemotion/http-cookie/issues/2 #326
 
-=== 2.7.1
+## 2.7.1
 
 * Bug fix
   * Ensure images with no "src" attribute still return correct URLs. #317
   * Fixes Mechanize::Parser#extract_filename where an empty string filename
     in the response caused unhandled exception. #318
 
-=== 2.7.0
+## 2.7.0
 
 * New Features
   * Mechanize::Agent#response_read will now raise a
     Mechanize::ResponseReadError instead of an EOFError and avoid losing
     requested content. #296.
-  * Depend on http-cookie, add backwards compatible deprecations.
-    #257 Akinori MUSHA.
+  * Depend on http-cookie, add backwards compatible deprecations. #257 Akinori MUSHA.
   * Added `Download#save!` for overwriting existing files. #300 Sean Kim.
 
 * Bug fix
   * Ensure page URLs with whitespace in them are escaped #313 @pacop.
   * Added a workaround for a bug of URI#+ that led to failure in resolving a relative path containing double slash like "/../http://.../". #304
 
-=== 2.6.0
+## 2.6.0
 
 * New Features
   * Mechanize#start and Mechanize#shutdown (Thanks, Damian Janowski!)
@@ -105,19 +164,16 @@
   * Added iPad and Android user agents.  #277 by sambit, #278 by seansay.
 
 * Bug fix
-  * Mechanize#cert and Mechanize#key now return the values set by
-    #cert= and #key=. #244, #245 (Thanks, Robert Gogolok!)
-  * Mechanize no longer submits disabled form fields.  #276 by Bogdan Gusiev,
-    #279 by Ricardo Valeriano.
+  * Mechanize#cert and Mechanize#key now return the values set by #cert= and #key=. #244, #245 (Thanks, Robert Gogolok!)
+  * Mechanize no longer submits disabled form fields.  #276 by Bogdan Gusiev, #279 by Ricardo Valeriano.
   * Mechanize::File#save now behaves like Mechanize::Download#save in
-    that it will create the parent directory before saving.
-    #272, #280 by Ryan Kowalick
+    that it will create the parent directory before saving. #272, #280 by Ryan Kowalick
   * Ensure `application/xml` is registered as an XML parser in
     `PluggableParser`, not just `text/xml`. #266 James Gregory
   * Mechanize now writes cookiestxt with a prefixed dot for wildcard domain
     handling. #295 by Mike Morearty.
 
-=== 2.5.2
+## 2.5.2
 
 * New Features
   * Mechanize::CookieJar#save_as takes a keyword option "session" to say
@@ -131,18 +187,17 @@
     In mechanize 3 the old "Mac FireFox" user-agent alias will be removed.
     Pull request #231 by Gavin Miller.
   * Mechanize now authenticates using the raw challenge, not a reconstructed
-    one, to avoid dealing with quoting rules of RFC 2617.  Fixes failures in
-    #231 due to net-http-digest_auth 1.2.1
+    one, to avoid dealing with quoting rules of RFC 2617.  Fixes failures in #231 due to net-http-digest_auth 1.2.1
   * Fixed Content-Disposition parameter parser to be case insensitive. #233
   * Fixed redirection counting in following meta refresh. #240
 
-=== 2.5.1
+## 2.5.1
 
 * Bug fix
   * Mechanize no longer copies POST requests during a redirect which was
     introduced by #215.  Pull request #229 by Godfrey Chan.
 
-=== 2.5
+## 2.5
 
 * Minor enhancements
   * Added Mechanize#ignore_bad_chunking for working around servers that don't
@@ -163,12 +218,11 @@
     terminate chunked transfer-encoding properly.  Issue #116
   * Mechanize no longer raises an exception when multiple identical
     radiobuttons are checked.  Issue #214 by Matthias Guenther
-  * Fixed documentation for pre_connect_hooks and post_connect_hooks.  Issue
-    #226 by Robert Poor
+  * Fixed documentation for pre_connect_hooks and post_connect_hooks.  Issue #226 by Robert Poor
   * Worked around ruby 1.8 run with -Ku and ISO-8859-1 encoded characters in
     URIs.  Issue #228 by Stanislav O.Pogrebnyak
 
-=== 2.4
+## 2.4
 
 * Security fix:
 
@@ -191,7 +245,7 @@
   * Improved exception messages for 401 Unauthorized responses.  Mechanize now
     tells you if you were missing credentials, had an incorrect password, etc.
 
-=== 2.3 / 2012-02-20
+## 2.3 / 2012-02-20
 
 * Minor enhancements
   * Add support for the Max-Age attribute in the Set-Cookie header.
@@ -211,14 +265,14 @@
   * Cookies with an empty Expires attribute value were stored as session
     cookies but cookies without the Expires attribute were not.  Issue #78
 
-=== 2.2.1 / 2012-02-13
+## 2.2.1 / 2012-02-13
 
 * Bug fixes
   * Add missing file to the gem, ensure that missing files won't cause
     failures again.  Issue #201 by Alex
   * Fix minor grammar issue in README.  Issue #200 by Shane Becker.
 
-=== 2.2 / 2012-02-12
+## 2.2 / 2012-02-12
 
 * API changes
   * MetaRefresh#href is not normalized to an absolute URL, but set to the
@@ -230,8 +284,7 @@
   * SSL parameters and proxy may now be set at any time.  Issue #194 by
     dsisnero.
   * Improved Mechanize::Page with #image_with and #images_with and
-    Mechanize::Page::Image various img element attribute accessors, #caption,
-    #extname, #mime_type and #fetch.  Pull request #173 by kitamomonga
+    Mechanize::Page::Image various img element attribute accessors, #caption, #extname, #mime_type and #fetch.  Pull request #173 by kitamomonga
   * Added MIME type parsing for content-types in Mechanize::PluggableParser
     for fine-grained parser choices.  Parsers will be chosen based on exact
     match, simplified type or media type in that order.  See
@@ -253,7 +306,7 @@
   * A link with an empty href is now resolved correctly where previously the
     query part was dropped.
 
-=== 2.1.1 / 2012-02-03
+## 2.1.1 / 2012-02-03
 
 * Bug fixes
   * Set missing idle_timeout default.  Issue #196
@@ -281,7 +334,7 @@
   * Documented how to convert a Mechanize::ResponseReadError into a File or
     Page, along with a new method #force_parse.  Issue #176
 
-=== 2.1 / 2011-12-20
+## 2.1 / 2011-12-20
 
 * Deprecations
   * Mechanize#get no longer accepts an options hash.
@@ -294,8 +347,7 @@
   * SSL connections will be verified against the system certificate store by
     default.
   * Added Mechanize#retry_change_requests to allow mechanize to retry POST and
-    other non-idempotent requests when you know it is safe to do so.  Issue
-    #123
+    other non-idempotent requests when you know it is safe to do so.  Issue #123
   * Mechanize can now stream files directly to disk without loading them into
     memory first through Mechanize::Download, a pluggable parser for
     downloading files.
@@ -310,8 +362,7 @@
       agent.pluggable_parser.default = Mechanize::Download
   * Added Mechanize#content_encoding_hooks which allow handling of
     non-standard content encodings like "agzip".  Patch #125 by kitamomonga
-  * Added dom_class to elements and the element matcher like dom_id.  Patch
-    #156 by Dan Hansen.
+  * Added dom_class to elements and the element matcher like dom_id.  Patch #156 by Dan Hansen.
   * Added support for the HTML5 keygen form element.  See
     http://dev.w3.org/html5/spec/Overview.html#the-keygen-element  Patch #157
     by Victor Costan.
@@ -360,11 +411,10 @@
   * The original Referer value persists on redirection.  Issue #150
   * Do not send a referer on a Refresh header based redirection.
   * Fixed encoding error in tests when LANG=C.  Patch #142 by jinschoi.
-  * The order of items in a form submission now match the DOM order.  Patch
-    #129 by kitamomonga
+  * The order of items in a form submission now match the DOM order.  Patch #129 by kitamomonga
   * Fixed proxy example in EXAMPLE.  Issue #146 by NielsKSchjoedt
 
-=== 2.0.1 / 2011-06-28
+## 2.0.1 / 2011-06-28
 
 Mechanize now uses minitest to avoid 1.9 vs 1.8 assertion availability in
 test/unit
@@ -375,7 +425,7 @@ test/unit
   * Mechanize#keep_alive_time no longer crashes but does nothing as
     net-http-persistent does not support HTTP/1.0 keep-alive extensions.
 
-=== 2.0 / 2011-06-27
+## 2.0 / 2011-06-27
 
 Mechanize is now under the MIT license
 
@@ -429,8 +479,7 @@ Mechanize is now under the MIT license
   * Mechanize now implements session cookies.  GH #78
   * Mechanize now implements deflate decoding.  GH #40
   * Mechanize now allows a certificate and key to be passed directly.  GH #71
-  * Mechanize::Form::MultiSelectList now implements #option_with and
-    #options_with.  GH #42
+  * Mechanize::Form::MultiSelectList now implements #option_with and #options_with.  GH #42
   * Add Mechanize::Page::Link#rel and #rel?(kind) to read and test the rel
     attribute.
   * Add Mechanize::Page#canonical_uri to read a </tt><link
@@ -483,7 +532,7 @@ Mechanize is now under the MIT license
   * Mechanize::Page::Link#uri now handles both escaped and unescaped hrefs.
     GH #107
 
-=== 1.0.0
+## 1.0.0
 
 * New Features:
 
@@ -501,7 +550,7 @@ Mechanize is now under the MIT license
   * Fixing default values with serialized cookies. GH #3
   * Checkboxes and fields are sorted by page appearance before submitting. #11
 
-=== 0.9.3
+## 0.9.3
 
 * Bug Fixes:
 
@@ -519,7 +568,7 @@ Mechanize is now under the MIT license
   * Fixed a bug with double semi-colons in Content-Disposition headers
   * Properly handling cookies that specify a path.  RF #25259
 
-=== 0.9.2 / 2009/03/05
+## 0.9.2 / 2009/03/05
 
 * New Features:
   * Mechanize#submit and Form#submit take arbitrary headers(thanks penguincoder)
@@ -532,7 +581,7 @@ Mechanize is now under the MIT license
   * Made Content-Type match case insensitive (Thanks Kelly Reynolds)
   * Non-string form parameters work
 
-=== 0.9.1 2009/02/23
+## 0.9.1 2009/02/23
 
 * New Features:
   * Encoding may be specified for a page: Page#encoding=
@@ -548,7 +597,7 @@ Mechanize is now under the MIT license
   * WAP content types will now be parsed
   * Rescued poorly formatted cookies.  Thanks Kelley Reynolds!
 
-=== 0.9.0
+## 0.9.0
 
 * Deprecations
   * WWW::Mechanize::List is gone!
@@ -558,7 +607,7 @@ Mechanize is now under the MIT license
 * Bug Fixes:
   * Nil check on page when base tag is used #23021
 
-=== 0.8.5
+## 0.8.5
 
 * Deprecations
   * WWW::Mechanize::List will be deprecated in 0.9.0, and warnings have
@@ -582,28 +631,28 @@ Mechanize is now under the MIT license
   * Mechanize#get requests no longer send a referer unless they are relative
     requests.
 
-=== 0.8.4
+## 0.8.4
 
 * Bug Fixes:
   * Setting the port number on the host header.
   * Fixing Authorization headers for picky servers
 
-=== 0.8.3
+## 0.8.3
 
 * Bug Fixes:
   * Making sure logger is set during SSL connections.
 
-=== 0.8.2
+## 0.8.2
 
 * Bug Fixes:
   * Doh!  I was accidentally setting headers twice.
 
-=== 0.8.1
+## 0.8.1
 
 * Bug Fixes:
   * Fixed problem with nil pointer when logger is set
 
-=== 0.8.0
+## 0.8.0
 
 * New Features:
   * Lifecycle hooks.  Mechanize#pre_connect_hooks, Mechanize#post_connect_hooks
@@ -617,7 +666,7 @@ Mechanize is now under the MIT license
   * Only setting headers once
   * Adding IIS authentication support
 
-=== 0.7.8
+## 0.7.8
 
 * Bug Fixes:
   * Fixed bug when receiving a 304 response (HTTPNotModified) on a page not
@@ -625,7 +674,7 @@ Mechanize is now under the MIT license
   * #21428 Default to HTML parser for 'application/xhtml+xml' content-type.
   * Fixed an issue where redirects were resending posted data
 
-=== 0.7.7
+## 0.7.7
 
 * New Features:
   * Page#form_with takes a +criteria+ hash.
@@ -646,7 +695,7 @@ Mechanize is now under the MIT license
   * #21233 Smarter multipart boundry. Thanks Todd Willey!
   * #20097 Supporting meta tag cookies.
 
-=== 0.7.6
+## 0.7.6
 
 * New Features:
   * Added support for reading Mozilla cookie jars.  Thanks Chris Riddoch!
@@ -669,32 +718,32 @@ Mechanize is now under the MIT license
   * Supporting blank strings for option values.
     http://rubyforge.org/tracker/index.php?func=detail&aid=19975&group_id=1453&atid=5709
 
-=== 0.7.5
+## 0.7.5
 
 * Fixed a bug when fetching files and not pages.  Thanks Mat Schaffer!
 
-=== 0.7.4
+## 0.7.4
 
 * doh!
 
-=== 0.7.3
+## 0.7.3
 
 * Pages are now yielded to a blocks given to WWW::Mechanize#get
 * WWW::Mechanize#get now takes hash arguments for uri parameters.
 * WWW::Mechanize#post takes an IO object as a parameter and posts correctly.
 * Fixing a strange zlib inflate problem on windows
 
-=== 0.7.2
+## 0.7.2
 
 * Handling gzipped responses with no Content-Length header
 
-=== 0.7.1
+## 0.7.1
 
 * Added iPhone to the user agent aliases. [#17572]
 * Fixed a bug with EOF errors in net/http.  [#17570]
 * Handling 0 length gzipped responses. [#17471]
 
-=== 0.7.0
+## 0.7.0
 
 * Removed Ruby 1.8.2 support
 * Changed parser to lazily parse links
@@ -702,7 +751,7 @@ Mechanize is now under the MIT license
 * Adding verify_callback for SSL requests.  Thanks Mike Dalessio!
 * Fixed a bug with Accept-Language header.  Thanks Bill Siggelkow.
 
-=== 0.6.11
+## 0.6.11
 
 * Detecting single quotes in meta redirects.
 * Adding pretty inspect for ruby versions > 1.8.4 (Thanks Joel Kociolek)
@@ -713,7 +762,7 @@ Mechanize is now under the MIT license
 * Added a FAQ
   http://rubyforge.org/tracker/?func=detail&aid=15772&group_id=1453&atid=5709
 
-=== 0.6.10
+## 0.6.10
 
 * Made digest authentication work with POSTs.
 * Made sure page was HTML before following meta refreshes.
@@ -732,7 +781,7 @@ Mechanize is now under the MIT license
 * Aliasing inspect to pretty_inspect.  Thanks Eric Promislow.
   http://rubyforge.org/pipermail/mechanize-users/2007-July/000157.html
 
-=== 0.6.9
+## 0.6.9
 
 * Updating UTF-8 support for urls
 * Adding AREA tags to the links list.
@@ -744,7 +793,7 @@ Mechanize is now under the MIT license
 * Added Digest Authentication support.  Thanks to Ryan Davis and Eric Hodel,
   you get a gold star!
 
-=== 0.6.8
+## 0.6.8
 
 * Keep alive can be shut off now with WWW::Mechanize#keep_alive
 * Conditional requests can be shut off with WWW::Mechanize#conditional_requests
@@ -755,12 +804,12 @@ Mechanize is now under the MIT license
 * Updating compatability with hpricot
 * Added more unit tests
 
-=== 0.6.7
+## 0.6.7
 
 * Fixed a bug with keep-alive requests
 * [#9549] fixed problem with cookie paths
 
-=== 0.6.6
+## 0.6.6
 
 * Removing hpricot overrides
 * Fixed a bug where alt text can be nil.  Thanks Yannick!
@@ -770,7 +819,7 @@ Mechanize is now under the MIT license
 * [#9434] Fixed bug where html entities weren't decoded
 * [#9150] Updated mechanize history to deal with redirects
 
-=== 0.6.5
+## 0.6.5
 
 * Copying headers to a hash to prevent memory leaks
 * Speeding up page parsing
@@ -785,7 +834,7 @@ Mechanize is now under the MIT license
   http://rubyforge.org/tracker/?func=detail&aid=7563&group_id=1453&atid=5709
 * Added MSIE 7.0 user agent string
 
-=== 0.6.4
+## 0.6.4
 
 * Adding the "redirect_ok" method to Mechanize to stop mechanize from
   following redirects.
@@ -802,7 +851,7 @@ Mechanize is now under the MIT license
 * Fixed bug [#6548].  Input type of 'button' was not being added as a button.
 * Fixed bug [#7139]. REXML parser calls hpricot parser by accident
 
-=== 0.6.3
+## 0.6.3
 
 * Added keys and values methods to Form
 * Added has_value? to Form
@@ -817,7 +866,7 @@ Mechanize is now under the MIT license
 * Fixed a bug where '#' symbols are encoded
   http://rubyforge.org/forum/message.php?msg_id=14747
 
-=== 0.6.2
+## 0.6.2
 
 * Added a yield to Page#form so that dealing with forms can be more DSL like.
 * Added the parsed page to the ResponseCodeError so that the parsed results
@@ -825,7 +874,7 @@ Mechanize is now under the MIT license
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000007.html
 * Updated documentation (Thanks to Paul Smith)
 
-=== 0.6.1
+## 0.6.1
 
 * Added a method to Form called "submit".  Now forms can be submitted by
   calling a method on the form.
@@ -843,7 +892,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with loading text in to links.
   http://rubyforge.org/pipermail/mechanize-users/2006-September/000000.html
 
-=== 0.6.0
+## 0.6.0
 
 * Changed main parser to use hpricot
 * Made WWW::Mechanize::Page class searchable like hpricot
@@ -855,7 +904,7 @@ Mechanize is now under the MIT license
 * Removed REXML helper methods since the main parser is now hpricot
 * Overhauled cookie parser to use WEBrick::Cookie
 
-=== 0.5.4
+## 0.5.4
 
 * Added WWW::Mechanize#trasact for saving history state between in a
   transaction.  See the EXAMPLES file.  Thanks Johan Kiviniemi.
@@ -870,7 +919,7 @@ Mechanize is now under the MIT license
 * Fixed a bug with saving files on windows
 * Fixed a bug with the filename being set in forms
 
-=== 0.5.3
+## 0.5.3
 
 * Mechanize#click will now act on the first element of an array.  So if an
   array of links is passed to WWW::Mechanize#click, the first link is clicked.
@@ -888,7 +937,7 @@ Mechanize is now under the MIT license
 * Updated log4r support for a speed increase.  Thanks Yinon Bentor
 * Added inspect methods and pretty printing
 
-=== 0.5.2
+## 0.5.2
 
 * Fixed a bug with input names that are nil
 * Added a warning when using attr_finder because attr_finder will be deprecated
@@ -905,12 +954,12 @@ Mechanize is now under the MIT license
   WWW::Mechanize::Form#set_fields.  Which can be used like so:
    form.set_fields( :foo => 'bar', :name => 'Aaron' )
 
-=== 0.5.1
+## 0.5.1
 
 * Fixed bug with file uploads
 * Added performance tweaks to the cookie class
 
-=== 0.5.0
+## 0.5.0
 
 * Added pluggable parsers. (Thanks to Eric Kolve for the idea)
 * Changed namespace so all classes are under WWW::Mechanize.
@@ -925,7 +974,7 @@ Mechanize is now under the MIT license
 * Removed support for body filters in favor of pluggable parsers.
 * Fixed cookie bug adding a '/' when the url is missing one (Thanks Nick Dainty)
 
-=== 0.4.7
+## 0.4.7
 
 * Fixed bug with no action in forms.  Thanks to Adam Wiggins
 * Setting a default user-agent string
@@ -934,7 +983,7 @@ Mechanize is now under the MIT license
   (thanks to Gregory Brown)
 * Added WWW::Mechanize#get_file for fetching non text/html files
 
-=== 0.4.6
+## 0.4.6
 
 * Added support for proxies
 * Added a uri field to WWW::Link
@@ -945,7 +994,7 @@ Mechanize is now under the MIT license
   allows syntax as such:    form.fields.name('q').value = 'xyz'
   Before it was like this:  form.fields.name('q').first.value = 'xyz'
 
-=== 0.4.5
+## 0.4.5
 
 * Added support for multiple values of the same name
 * Updated build_query_string to take an array of arrays (Thanks Michal Janeczek)
@@ -955,13 +1004,13 @@ Mechanize is now under the MIT license
 * Fixed a bug with empty select lists
 * Fixing a problem with cookies not handling no spaces after semicolons
 
-=== 0.4.4
+## 0.4.4
 
 * Fixed error in method signature, basic_authetication is now basic_auth
 * Fixed bug with encoding names in file uploads (Big thanks to Alex Young)
 * Added options to the select list
 
-=== 0.4.3
+## 0.4.3
 
 * Added syntactic sugar for finding things
 * Fixed bug with HttpOnly option in cookies
@@ -969,21 +1018,21 @@ Mechanize is now under the MIT license
 * Defaulted dropdown lists to the first element
 * Added unit tests
 
-=== 0.4.2
+## 0.4.2
 
 * Added support for iframes
 * Made mechanize dependant on ruby-web rather than narf
 * Added unit tests
 * Fixed a bunch of warnings
 
-=== 0.4.1
+## 0.4.1
 
 * Added support for file uploading
 * Added support for frames (Thanks Gabriel[mailto:leerbag@googlemail.com])
 * Added more unit tests
 * Fixed some bugs
 
-=== 0.4.0
+## 0.4.0
 
 * Added more unit tests
 * Added a cookie jar with better cookie support, included expiration of cookies