dependabot[bot] opened a new pull request #19: URL: https://github.com/apache/datafu/pull/19
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.5 to 1.13.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases";>nokogiri's releases</a>.</em></p> <blockquote> <h2>1.13.2 / 2022-02-21</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-23308";>CVE-2022-23308</a>.</li> <li>[CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-30560";>CVE-2021-30560</a>.</li> </ul> <p>Please see <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2";>GHSA-fq42-c5rg-92c2</a> for more information about these CVEs.</p> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog is available at <a href="https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news";>https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news</a></li> <li>[CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog is available at <a href="https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news";>https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news</a></li> </ul> <hr /> <p>SHA256 checksums:</p> <pre><code>63469a9bb56a21c62fbaea58d15f54f8f167ff6fde51c5c2262072f939926fdd nokogiri-1.13.2-aarch64-linux.gem 2986617f982f645c06f22515b721e6d2613dd69493e5c41ddd03c4830c3b3065 nokogiri-1.13.2-arm64-darwin.gem aca1d66206740b29d0d586b1d049116adcb31e6cdd7c4dd3a96eb77da215a0c4 nokogiri-1.13.2-java.gem b9e4eea1a200d9a927a5bc7d662c427e128779cba0098ea49ddbdb3ffc3ddaec nokogiri-1.13.2-x64-mingw-ucrt.gem 48d5493fec495867c5516a908a068c1387a1d17c5aeca6a1c98c089d9d9fdcf8 nokogiri-1.13.2-x64-mingw32.gem 62034d7aaaa83fbfcb8876273cc5551489396841a66230d3200b67919ef76cf9 nokogiri-1.13.2-x86-linux.gem e07237b82394017c2bfec73c637317ee7dbfb56e92546151666abec551e46d1d nokogiri-1.13.2-x86-mingw32.gem 01937a6551d997aca32468da08ced0878ba4e1dfd0b51d953617185eefc57ffa nokogiri-1.13.2-x86_64-darwin.gem 70112ae29939d4b5e1c8ba13e1f0d82ff43cd5564ce138f622fe6ebddc503654 nokogiri-1.13.2-x86_64-linux.gem def6b330c53dcabe8b7d545cf9db4dfb45e9d39040b531eb81aee0c840fd66c2 nokogiri-1.13.2.gem </code></pre> <h2>1.13.1 / 2022-01-13</h2> <h3>Fixed</h3> <ul> <li>Fix <code>Nokogiri::XSLT.quote_params</code> regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with <code>#to_s</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2418";>#2418</a>]</li> <li>Fix HTML5 CSS selector query regression in v1.13.0 that raised an <code>Nokogiri::XML::XPath::SyntaxError</code> when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2419";>#2419</a>]</li> </ul> <hr /> <p>SHA265 checksums</p> <pre lang="text"><code>9206569b36f0066f943f174a832b50e69551c2a81333b7a62d4073e97ea4c3c6 nokogiri-1.13.1-aarch64-linux.gem 39d73197506acd3748c84600e000bb44ccd930695a9fc8b489b1b4df37dd14f0 nokogiri-1.13.1-arm64-darwin.gem 1aaa315876e2049b4418c60794f1f55bdb04cc9583b9b664dbb3c52696695207 nokogiri-1.13.1-java.gem 37d97e5fdaae4a14cc7122598616ac484d71c271004fb6cce6684c6734f41552 nokogiri-1.13.1-x64-mingw-ucrt.gem 683b030957c747d35499f8d766cad51a31ae9456098225af62fab7b27fe20129 nokogiri-1.13.1-x64-mingw32.gem 690958426e3151ba0c22e8d88637dba5e0c636107f3def2ffc10e334d451e61f nokogiri-1.13.1-x86-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md";>nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.13.2 / 2022-02-21</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-23308";>CVE-2022-23308</a>.</li> <li>[CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-30560";>CVE-2021-30560</a>.</li> </ul> <p>Please see <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2";>GHSA-fq42-c5rg-92c2</a> for more information about these CVEs.</p> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog is available at <a href="https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news";>https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news</a></li> <li>[CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog is available at <a href="https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news";>https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news</a></li> </ul> <h2>1.13.1 / 2022-01-13</h2> <h3>Fixed</h3> <ul> <li>Fix <code>Nokogiri::XSLT.quote_params</code> regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with <code>#to_s</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2418";>#2418</a>]</li> <li>Fix CSS selector query regression in v1.13.0 that raised an <code>Nokogiri::XML::XPath::SyntaxError</code> when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2419";>#2419</a>]</li> </ul> <h2>1.13.0 / 2022-01-06</h2> <h3>Notes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.1. Please note that Windows users should use the <code>x64-mingw-ucrt</code> platform gem for Ruby 3.1, and <code>x64-mingw32</code> for Ruby 2.6–3.0 (see <a href="https://rubyinstaller.org/2021/12/31/rubyinstaller-3.1.0-1-released.html";>RubyInstaller 3.1.0 release notes</a>).</p> <p>This release ends support for:</p> <ul> <li>Ruby 2.5, for which <a href="https://www.ruby-lang.org/en/downloads/branches/";>official support ended 2021-03-31</a>.</li> <li>JRuby 9.2, which is a Ruby 2.5-compatible release.</li> </ul> <h4>Faster, more reliable installation: Native Gem for ARM64 Linux</h4> <p>This version of Nokogiri ships experimental native gem support for the <code>aarch64-linux</code> platform, which should support AWS Graviton and other ARM Linux platforms. We don't yet have CI running for this platform, and so we're interested in hearing back from y'all whether this is working, and what problems you're seeing. Please send us feedback here: <a href="https://github.com/sparklemotion/nokogiri/discussions/2359";>Feedback: Have you used the <code>aarch64-linux</code> native gem?</a></p> <h4>Publishing</h4> <p>This version of Nokogiri opts-in to the <a href="https://guides.rubygems.org/mfa-requirement-opt-in/";>"MFA required to publish" setting</a> on Rubygems.org. This and all future Nokogiri gem files must be published to Rubygems by an account with multi-factor authentication enabled. This should provide some additional protection against supply-chain attacks.</p> <p>A related discussion about Trust exists at <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2357";>#2357</a> in which I invite you to participate if you have feelings or opinions on this topic.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/49b86631b7e84ec29b4b445f5a2f22fbcbf258b0";><code>49b8663</code></a> version bump to v1.13.2</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/472913378794b8cae21751b0777205e7c0606a95";><code>4729133</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2457";>#2457</a> from sparklemotion/flavorjones-libxml-2.9.13-v1.13.x</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/379f757ef529feae0fafba2ae2c145c050d8a4fc";><code>379f757</code></a> dev(package): work around gnome mirrors with expired certs</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/95cf66ca9ff0fc5b85b6c74730b102afb50331c6";><code>95cf66c</code></a> dep: upgrade libxml2 2.9.12 → 2.9.13</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/d37dd02ea59d9dacf09063860007a205ef2eb82e";><code>d37dd02</code></a> dep: upgrade libxslt 1.1.34 → 1.1.35</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/59a93986ec208387e8a9bda94dbf4f89abc1c20d";><code>59a9398</code></a> dep: upgrade mini_portile 2.7 to 2.8</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/e8854632856b6641bc5439395ee8d7a3ad6b1a5c";><code>e885463</code></a> dev(package): handle either .tar.gz or .tar.xz archive names</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/7957c7b00936e282fbc93919647a3fb2502a4388";><code>7957c7b</code></a> style: rubocop</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/93d37f783f4204ab75faafd9c8d0685647facb48";><code>93d37f7</code></a> ci: Change Ruby setup to standard</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/15d32f6b02f1a1cd81e8b5130ae8f1f4785545fd";><code>15d32f6</code></a> ci: skip html5lib-tests on v1.13.x branch</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.12.5...v1.13.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/datafu/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@datafu.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
