commit rubygem-nokogiri for openSUSE:Factory

Tue, 12 Oct 2021 12:49:06 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package rubygem-nokogiri for 
openSUSE:Factory checked in at 2021-10-12 21:48:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-nokogiri (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-nokogiri.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-nokogiri"

Tue Oct 12 21:48:16 2021 rev:58 rq:924368 version:1.12.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-nokogiri/rubygem-nokogiri.changes        
2021-08-27 21:43:30.569943104 +0200
+++ 
/work/SRC/openSUSE:Factory/.rubygem-nokogiri.new.2443/rubygem-nokogiri.changes  
    2021-10-12 21:48:54.711833801 +0200
@@ -1,0 +2,69 @@
+Sat Oct  9 09:12:44 UTC 2021 - Manuel Schnitzer <[email protected]>
+
+- updated to version 1.12.5
+
+  ## 1.12.5 / 2021-09-27
+
+  ### Security
+
+  [JRuby] Address CVE-2021-41098 
([GHSA-2rr5-8q37-2w7h](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h)).
+
+  In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve 
external entities (XXE) by default. This fix turns off 
entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX 
parsers' behavior.
+
+  CRuby users are not affected by this CVE.
+
+
+  ### Fixed
+
+  * [CRuby] `Document#to_xhtml` properly serializes self-closing tags in 
libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in 
emitting start and and tags (e.g., `<br></br>`) instead of a self-closing tag 
(e.g., `<br/>`) in previous Nokogiri versions. 
[[#2324](https://github.com/sparklemotion/nokogiri/issues/2324)]
+
+
+  ## 1.12.4 / 2021-08-29
+
+  ### Notable fix: Namespace inheritance
+
+  Namespace behavior when reparenting nodes has historically been poorly 
specified and the behavior diverged between CRuby and JRuby. As a result, 
making this behavior consistent in v1.12.0 introduced a breaking change.
+
+  This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 
but keeps the Document behavior. This release also introduces a Document 
attribute to allow affected users to easily change this behavior for their 
legacy code without invasive changes.
+
+
+  #### Compensating Feature in XML::Document
+
+  This release of Nokogiri introduces a new `Document` boolean attribute, 
`namespace_inheritance`, which controls whether children should inherit a 
namespace when they are reparented. `Nokogiri::XML:Document` defaults this 
attribute to `false` meaning "do not inherit," thereby making explicit the 
behavior change introduced in v1.12.0.
+
+  CRuby users who desire the pre-v1.12.0 behavior may set 
`document.namespace_inheritance = true` before reparenting nodes.
+
+  See 
https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method
 for example usage.
+
+
+  #### Fix for XML::Builder
+
+  However, recognizing that we want `Builder`-created children to inherit 
namespaces, Builder now will set `namespace_inheritance=true` on the underlying 
document for both JRuby and CRuby. This means that, on CRuby, the pre-v1.12.0 
behavior is restored.
+
+  Users who want to turn this behavior off may pass a keyword argument to the 
Builder constructor like so:
+
+  ``` ruby
+  Nokogiri::XML::Builder.new(namespace_inheritance: false)
+  ```
+
+  See 
https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance 
for example usage.
+
+
+  #### Downstream gem maintainers
+
+  Note that any downstream gems may want to specifically omit Nokogiri 
v1.12.0--v1.12.3 from their dependency specification if they rely on child 
namespace inheritance:
+
+  ``` ruby
+  Gem::Specification.new do |gem|
+    # ...
+    gem.add_runtime_dependency 'nokogiri', '!=1.12.3', '!=1.12.2', '!=1.12.1', 
'!=1.12.0'
+    # ...
+  end
+  ```
+
+
+  ### Fixed
+
+  * [JRuby] Fix NPE in Schema parsing when an imported resource doesn't have a 
`systemId`. [[#2296](https://github.com/sparklemotion/nokogiri/issues/2296)] 
(Thanks, [@pepijnve](https://github.com/pepijnve)!)
+
+-------------------------------------------------------------------

Old:
----
  nokogiri-1.12.3.gem

New:
----
  nokogiri-1.12.5.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-nokogiri.spec ++++++
--- /var/tmp/diff_new_pack.wW7GA0/_old  2021-10-12 21:48:55.299834643 +0200
+++ /var/tmp/diff_new_pack.wW7GA0/_new  2021-10-12 21:48:55.303834648 +0200
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-nokogiri
-Version:        1.12.3
+Version:        1.12.5
 Release:        0
 %define mod_name nokogiri
 %define mod_full_name %{mod_name}-%{version}

++++++ nokogiri-1.12.3.gem -> nokogiri-1.12.5.gem ++++++
/work/SRC/openSUSE:Factory/rubygem-nokogiri/nokogiri-1.12.3.gem 
/work/SRC/openSUSE:Factory/.rubygem-nokogiri.new.2443/nokogiri-1.12.5.gem 
differ: char 135, line 1

Reply via email to