Created by: dependabot[bot]
Bumps nokogiri from 1.13.3 to 1.13.4.
Release notes
Sourced from nokogiri's releases.
1.13.4 / 2022-04-11
Security
- Address CVE-2022-24836, a regular expression denial-of-service vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
- [CRuby] Vendored zlib is updated to address CVE-2018-25032. See GHSA-v6gp-9mmm-c6p5 for more information.
- [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
- [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.
Dependencies
- [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
- [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2.
- [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml
sha256sum:
Changelog
Sourced from nokogiri's changelog.
1.13.4 / 2022-04-11
Security
- Address CVE-2022-24836, a regular expression denial-of-service vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
- [CRuby] Vendored zlib is updated to address CVE-2018-25032. See GHSA-v6gp-9mmm-c6p5 for more information.
- [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
- [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.
Dependencies
- [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
- [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2.
- [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml
Commits
- 4e2c4b2 version bump to v1.13.4
- 6a20ee4 Merge pull request #2510 from sparklemotion/flavorjones-encoding-reader-perfo...
- b848031 Merge pull request #2509 from sparklemotion/flavorjones-parse-processing-inst...
- c0ecf3b test: pend the LIBXML_LOADED_VERSION test on freebsd
- e444525 fix(perf): HTML4::EncodingReader detection
- 1eb5580 style(rubocop): allow intentional use of empty initializer
- 0feac5a fix(dep): HTML parsing of processing instructions
- db72b90 test: recent nekohtml versions do not consider 'a' to be inline
- 2af2a87 style(rubocop): allow intentional use of empty initializer
- ba7a28c Merge pull request #2499 from sparklemotion/2441-xerces-2.12.2-backport-v1.13.x
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.