🚨 [security] [ruby] Update nokogiri 1.13.9 → 1.16.5 (minor) #791
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Security Advisories 🚨
🚨 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
🚨 Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader
🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader
🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
🚨 Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
🚨 Unchecked return value from xmlTextReaderExpand
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
2.8.6
2.8.5
2.8.4
2.8.3
2.8.2
2.8.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 55 commits:
version bump to v2.8.6
Merge pull request #139 from mudge/freebsd-cmake
Explicitly use GNU make for FreeBSD build
Prefer cc and c++ when using CMake on FreeBSD
ci: add freebsd coverage
ci: update github actions
version bump to 2.8.5
doc: update README with cmake_build_type documentation
Merge pull request #137 from flavorjones/flavorjones-update-gemspec
dev: gemspec has better desc and uses require_relative
Merge pull request #136 from Watson1978/release-build
Add config param for CMAKE_BUILD_TYPE
Create release binary with cmake explicitly
Merge pull request #135 from amatsuda/warning
warning: method redefined; discarding old source_directory=
version bump to v2.8.5.rc2
Merge pull request #134 from flavorjones/flavorjones-improve-mkmf-config-20230917
introduce the "static" parameter to mkmf_config
extract `lib_path` and `include_path` methods
version bump to v2.8.5.rc1
Merge pull request #133 from flavorjones/flavorjones-more-precise-pkg-config
feat: more precise implementation of mkmf_config for pkg-config
version bump to v2.9.0.rc1
Merge pull request #131 from flavorjones/118-fedora-pkgconf
feat: introduce MiniPortile.mkmf_config
test: add an example that uses MakeMakefile.pkg_config
ci: add a fedora job to the test suite
test: backfill coverage for MiniPortile#activate
Merge pull request #132 from flavorjones/flavorjones-uninitialized-ivar-warnings
fix: avoid uninitialized ivar warnings
version bump to v2.8.4
Merge pull request #130 from stanhu/sh-cmake-cross-compile-vars
version bump to v2.8.3
Remap x64 processor type to x86_64
[cmake] Automatically add required cross-compilation variables
Merge pull request #129 from stanhu/sh-cmake-msys
Update CHANGELOG.md
Add CHANGELOG.md for CMake fix
cmake: only use MSYS/NMake generators when available
version bump to v2.8.2
Merge pull request #126 from flavorjones/flavorjones-better-config-failure-log
convert source_directory into a posix path
omit misleading version number when using source_directory
feat: output complete logs on error, including "config.log"
Merge pull request #125 from petergoldstein/feature/add_ruby_3_2_to_ci
Adds Ruby 3.2 to CI. Updates checkout action version.
Merge pull request #124 from flavorjones/flavorjones-update-github-actions-v3
ci: update github actions to avoid node version warnings
version bump to v2.8.1
Merge pull request #122 from flavorjones/119-improve-patching
fix: handle patching in dirs that resemble an actual git dir
Merge pull request #121 from flavorjones/flavorjones-exercise-patching-in-examples
test: `rake test:examples` now exercises patching
Merge pull request #117 from flavorjones/flavorjones-loosen-bundler-dependency
dep(dev): loosen bundler dependency
Release Notes
1.7.3
1.7.2
1.7.1
1.7.0
1.6.2
1.6.1
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands