blog
blog copied to clipboard
Published
20 hours ago •
kubeflow
kubeflow
Bump nokogiri from 1.11.2 to 1.16.4
Bumps nokogiri from 1.11.2 to 1.16.4.
Release notes
Sourced from nokogiri's releases.
v1.16.4 / 2024-04-10
Dependencies
- [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.
sha256 checksums:
bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5 nokogiri-1.16.4-aarch64-linux.gem 0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a nokogiri-1.16.4-arm-linux.gem 8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196 nokogiri-1.16.4-arm64-darwin.gem bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc nokogiri-1.16.4-java.gem a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae nokogiri-1.16.4-x64-mingw-ucrt.gem 4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468 nokogiri-1.16.4-x64-mingw32.gem d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5 nokogiri-1.16.4-x86-linux.gem d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168 nokogiri-1.16.4-x86-mingw32.gem a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628 nokogiri-1.16.4-x86_64-darwin.gem 92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31 nokogiri-1.16.4-x86_64-linux.gem 62c116c3a14b4ed4e1faec786da266c4bd4c717a0bd04a9916164a7046040f45 nokogiri-1.16.4.gemv1.16.3 / 2024-03-15
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (
@flavorjones)Changed
- [CRuby]
XML::Readersets the@encodinginstance variable during reading if it is not passed into the initializer. Previously, it would remainnil. The behavior ofReader#encodinghas not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.
sha256 checksums:
3d806263a0548e5163ff256655d78a87998fa83a5ae256b83c14a1a97731e824 nokogiri-1.16.3-aarch64-linux.gem cfb923c02bde065005e2521f0a6883c63cf305cb899a9dd4c74897731bb2af1d nokogiri-1.16.3-arm-linux.gem 5d3268558c002fa493e33076798cfda1df8effbd5363060dc41595cfebb1cf90 nokogiri-1.16.3-arm64-darwin.gem 6bf0918233959c7d5e703061ada0f436544612397475a866aa314071f02bfabb nokogiri-1.16.3-java.gem 656f163dd287671c3a28157a2e853ee1a36afeb3f4185a78af863f3980efc58d nokogiri-1.16.3-x64-mingw-ucrt.gem 7330f65cf2f8fa442327112b6515b4988f396d23010d33571714fd2ac0648fb9 nokogiri-1.16.3-x64-mingw32.gem 08d8a369940fa2309379cd8af1e7b3cc702b0115d3ddd197cfa7b33daedfd541 nokogiri-1.16.3-x86-linux.gem cd26e99fa6388cd73c8892bb99ac98af162fe83c8f71c6473dfeba7aac76bcb9 nokogiri-1.16.3-x86-mingw32.gem bc22786f4db4c32a5587e3b77a106408148d3bb1602dd0b52c0f5c968c42d17d nokogiri-1.16.3-x86_64-darwin.gem 47a3330e41b49a100225b6fab490b2dc43410931e01e791886e0c2998412e8cb nokogiri-1.16.3-x86_64-linux.gem </tr></table>
... (truncated)
Changelog
Sourced from nokogiri's changelog.
v1.16.4 / 2024-04-10
Dependencies
- [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.
v1.16.3 / 2024-03-15
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (
@flavorjones)Changed
- [CRuby]
XML::Readersets the@encodinginstance variable during reading if it is not passed into the initializer. Previously, it would remainnil. The behavior ofReader#encodinghas not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.v1.16.2 / 2024-02-04
Security
- [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.5 from v2.12.4. (
@flavorjones)v1.16.1 / 2024-02-03
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.4 from v2.12.3. (
@flavorjones)Fixed
- [CRuby]
XML::Readerdefaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. #2891 (@flavorjones)- [CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). #3090 (
@adfoster-r7)- [CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, #3116] (
@flavorjones)- [CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, #3100] (
@stevecheckoway)v1.16.0 / 2023-12-27
Notable Changes
... (truncated)
Commits
17c0362version bump to v1.16.41c329e9dep: update to zlib 1.3.1 (v1.16.x) (#3175)edeac07dep: update to zlib 1.3.180fb608version bump to v1.16.3710bd96dep: update libxml 2.12.6 (branch v1.16.x) (#3151)461a96efix: Reader#read sets@encodingif it is unset801f978dep: update libxml2 to v2.12.6673756fversion bump to v1.16.274ffd67dep: update libxml to 2.12.5 (branch v1.16.x) (#3122)0d4018ddep: update libxml2 to v2.12.5- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency -
@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: dependabot[bot] Once this PR has been reviewed and has the lgtm label, please assign terrytangyuan for approval. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
![google-oss-prow[bot] avatar](https://avatars.githubusercontent.com/in/143327?v=4 "Published by a pub.dev verified publisher"){kind=small}