René's URL Explorer Experiment

Title: Bump nokogiri from 1.10.4 to 1.13.4 by dependabot[bot] · Pull Request #70 · nodegit/nodegit.github.com · GitHub

Open Graph Title: Bump nokogiri from 1.10.4 to 1.13.4 by dependabot[bot] · Pull Request #70 · nodegit/nodegit.github.com

X Title: Bump nokogiri from 1.10.4 to 1.13.4 by dependabot[bot] · Pull Request #70 · nodegit/nodegit.github.com

Description: Bumps nokogiri from 1.10.4 to 1.13.4. Release notes Sourced from nokogiri's releases. 1.13.4 / 2022-04-11 Security Address CVE-2022-24836, a regular expression denial-of-service vulnerability. See GHSA-crjr-9rc5-ghw8 for more information. [CRuby] Vendored zlib is updated to address CVE-2018-25032. See GHSA-v6gp-9mmm-c6p5 for more information. [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information. [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information. Dependencies [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.) [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2. [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml sha256sum: 095ff1995ed3dda3ea98a5f08bdc54bef02be1ce4e7c81034c4812e5e7c6e7e3 nokogiri-1.13.4-aarch64-linux.gem 7ebfc7415c819bcd4e849627e879cef2fb328bec90e802e50d74ccd13a60ec75 nokogiri-1.13.4-arm64-darwin.gem 41efd87c121991de26ef0393ac713d687e539813c3b79e454a2e3ffeecd107ea nokogiri-1.13.4-java.gem ab547504692ada0cec9d2e4e15afab659677c3f4c1ac3ea639bf5212b65246a1 nokogiri-1.13.4-x64-mingw-ucrt.gem fa5c64cfdb71642ed647428e4d0d75ee0f4d189cfb63560c66fd8bdf99eb146b nokogiri-1.13.4-x64-mingw32.gem d6f07cbcbc28b75e8ac5d6e729ffba3602dffa0ad16ffac2322c9b4eb9b971fc nokogiri-1.13.4-x86-linux.gem 0f7a4fd13e25abe3f98663fef0d115d58fdeff62cf23fef12d368e42adad2ce6 nokogiri-1.13.4-x86-mingw32.gem 3eef282f00ad360304fbcd5d72eb1710ff41138efda9513bb49eec832db5fa3e nokogiri-1.13.4-x86_64-darwin.gem 3978610354ec67b59c128d23259c87b18374ee1f61cb9ed99de7143a88e70204 nokogiri-1.13.4-x86_64-linux.gem 0d46044eb39271e3360dae95ed6061ce17bc0028d475651dc48db393488c83bc nokogiri-1.13.4.gem 1.13.3 / 2022-02-21 Fixed [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare < character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the < as normal character data (which will be serialized as < in a text node). The bug (and the fix) is only relevant when the RECOVER parse option is set, as it is by default. [#2461] SHA256 checksums: 025a4e333f6f903072a919f5f75b03a8f70e4969dab4280375b73f9d8ff8d2c0 nokogiri-1.13.3-aarch64-linux.gem b9cb59c6a6da8cf4dbee5dbb569c7cc95a6741392e69053544e0f40b15ab9ad5 nokogiri-1.13.3-arm64-darwin.gem e55d18cee64c19d51d35ad80634e465dbcdd46ac4233cb42c1e410307244ebae nokogiri-1.13.3-java.gem 53e2d68116cd00a873406b8bdb90c78a6f10e00df7ddf917a639ac137719b67b nokogiri-1.13.3-x64-mingw-ucrt.gem b5f39ebb662a1be7d1c61f8f0a2a683f1bb11690a6f00a99a1aa23a071f80145 nokogiri-1.13.3-x64-mingw32.gem 7c0de5863aace4bbbc73c4766cf084d1f0b7a495591e46d1666200cede404432 nokogiri-1.13.3-x86-linux.gem ... (truncated) Changelog Sourced from nokogiri's changelog. 1.13.4 / 2022-04-11 Security Address CVE-2022-24836, a regular expression denial-of-service vulnerability. See GHSA-crjr-9rc5-ghw8 for more information. [CRuby] Vendored zlib is updated to address CVE-2018-25032. See GHSA-v6gp-9mmm-c6p5 for more information. [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information. [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information. Dependencies [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.) [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2. [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml 1.13.3 / 2022-02-21 Fixed [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare < character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the < as normal character data (which will be serialized as < in a text node). The bug (and the fix) is only relevant when the RECOVER parse option is set, as it is by default. [#2461] 1.13.2 / 2022-02-21 Security [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308. [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560. Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs. Dependencies [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog is available at https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog is available at https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news 1.13.1 / 2022-01-13 Fixed Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with #to_s. [#2418] Fix CSS selector query regression in v1.13.0 that raised an Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [#2419] 1.13.0 / 2022-01-06 ... (truncated) Commits 4e2c4b2 version bump to v1.13.4 6a20ee4 Merge pull request #2510 from sparklemotion/flavorjones-encoding-reader-perfo... b848031 Merge pull request #2509 from sparklemotion/flavorjones-parse-processing-inst... c0ecf3b test: pend the LIBXML_LOADED_VERSION test on freebsd e444525 fix(perf): HTML4::EncodingReader detection 1eb5580 style(rubocop): allow intentional use of empty initializer 0feac5a fix(dep): HTML parsing of processing instructions db72b90 test: recent nekohtml versions do not consider 'a' to be inline 2af2a87 style(rubocop): allow intentional use of empty initializer ba7a28c Merge pull request #2499 from sparklemotion/2441-xerces-2.12.2-backport-v1.13.x Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) @dependabot use these labels will set the current labels as the default for future PRs for this repo and language @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the Security Alerts page.

Open Graph Description: Bumps nokogiri from 1.10.4 to 1.13.4. Release notes Sourced from nokogiri's releases. 1.13.4 / 2022-04-11 Security Address CVE-2022-24836, a regular expression denial-of-service vulnerabilit...

X Description: Bumps nokogiri from 1.10.4 to 1.13.4. Release notes Sourced from nokogiri&#39;s releases. 1.13.4 / 2022-04-11 Security Address CVE-2022-24836, a regular expression denial-of-service vulnerab...

Opengraph URL: https://github.com/nodegit/nodegit.github.com/pull/70

X: @github

direct link

Domain: github.com

Links:

Viewport: width=device-width