dependabot[bot] opened a new pull request, #39: URL: https://github.com/apache/datafu/pull/39
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.15.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases";>nokogiri's releases</a>.</em></p> <blockquote> <h2>1.15.4 / 2023-08-11</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5";>https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5</a></li> </ul> <h3>Fixed</h3> <ul> <li>Fixed a typo in a HTML5 parser error message. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2927";>#2927</a>] (Thanks, <a href="https://github.com/anishathalye";><code>@anishathalye</code></a>!)</li> <li>[CRuby] <code>ObjectSpace.memsize_of</code> is now safe to call on <code>Document</code>s with complex DTDs. In previous versions, this debugging method could result in a segfault. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2923";>#2923</a>, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2924";>#2924</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8 nokogiri-1.15.4-aarch64-linux.gem 572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855 nokogiri-1.15.4-arm-linux.gem 707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9 nokogiri-1.15.4-arm64-darwin.gem 04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92 nokogiri-1.15.4-java.gem a0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1 nokogiri-1.15.4-x64-mingw-ucrt.gem b9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba nokogiri-1.15.4-x64-mingw32.gem f6ae258d7ed5f81715118282aa45486e68fd44b9747d0244a236e9ed5b94c45d nokogiri-1.15.4-x86-linux.gem 3f65b2426ece8da908bd5df5b6262ce525393f5245f8258a245bb4c3f5759b98 nokogiri-1.15.4-x86-mingw32.gem d756605c540034debd7f486ae27802e6b1b129013fd6b1bb823783ef6f2bc5d7 nokogiri-1.15.4-x86_64-darwin.gem 872ced3d72d797ed9b5a76c67141c6cee7589711358e11c73e9c53724ffd1842 nokogiri-1.15.4-x86_64-linux.gem e4a801e5ef643cc0036f0a7e93433d18818b31d48c9c287596b68e92c0173c4d nokogiri-1.15.4.gem </code></pre> <h2>1.15.3 / 2023-07-05</h2> <h3>Fixed</h3> <ul> <li>Passing an object that is not a kind of <code>XML::Node</code> as the first parameter to <code>CDATA.new</code> now raises a <code>TypeError</code>. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920";>#2920</a>]</li> <li>Passing an object that is not a kind of <code>XML::Node</code> as the first parameter to <code>Schema.from_document</code> now raises a <code>TypeError</code>. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920";>#2920</a>]</li> <li>[CRuby] Passing an object that is not a kind of <code>XML::Node</code> as the second parameter to <code>Text.new</code> now raises a <code>TypeError</code>. Previously this would result in a segfault. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920";>#2920</a>]</li> <li>[CRuby] Replacing a node's children via methods like <code>Node#inner_html=</code>, <code>#children=</code>, and <code>#replace</code> no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/283";>#283</a> and <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/595";>#595</a>) but should not have included operations involving <code>xmlAddChild()</code>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2916";>#2916</a>]</li> <li>[JRuby] Fixed NPE when serializing an unparented HTML node. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2559";>#2559</a>, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2895";>#2895</a>] (Thanks, <a href="https://github.com/cbasguti";><code>@cbasguti</code></a>!)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>70dadf636ae026f475f07c16b12c685544d4f8a764777df629abf1f7af0f2fb5 nokogiri-1.15.3-aarch64-linux.gem 83871fa3f544dc601e27abbdef87315a77fe1270fe4904986bd3a7df9ca3d56f nokogiri-1.15.3-arm-linux.gem fa4a027478df9004a2ce91389af7b7b5a4fc790c23492dca43b210a0f8770596 nokogiri-1.15.3-arm64-darwin.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md";>nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.15.4 / 2023-08-11</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5";>https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5</a></li> </ul> <h3>Fixed</h3> <ul> <li>Fixed a typo in a HTML5 parser error message. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2927";>#2927</a>] (Thanks, <a href="https://github.com/anishathalye";><code>@anishathalye</code></a>!)</li> <li>[CRuby] <code>ObjectSpace.memsize_of</code> is now safe to call on <code>Document</code>s with complex DTDs. In previous versions, this debugging method could result in a segfault. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2923";>#2923</a>, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2924";>#2924</a>]</li> </ul> <h2>1.15.3 / 2023-07-05</h2> <h3>Fixed</h3> <ul> <li>Passing an object that is not a kind of <code>XML::Node</code> as the first parameter to <code>CDATA.new</code> now raises a <code>TypeError</code>. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920";>#2920</a>]</li> <li>Passing an object that is not a kind of <code>XML::Node</code> as the first parameter to <code>Schema.from_document</code> now raises a <code>TypeError</code>. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920";>#2920</a>]</li> <li>[CRuby] Passing an object that is not a kind of <code>XML::Node</code> as the second parameter to <code>Text.new</code> now raises a <code>TypeError</code>. Previously this would result in a segfault. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920";>#2920</a>]</li> <li>[CRuby] Replacing a node's children via methods like <code>Node#inner_html=</code>, <code>#children=</code>, and <code>#replace</code> no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/283";>#283</a> and <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/595";>#595</a>) but should not have included operations involving <code>xmlAddChild()</code>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2916";>#2916</a>]</li> <li>[JRuby] Fixed NPE when serializing an unparented HTML node. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2559";>#2559</a>, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2895";>#2895</a>] (Thanks, <a href="https://github.com/cbasguti";><code>@cbasguti</code></a>!)</li> </ul> <h2>1.15.2 / 2023-05-24</h2> <h3>Dependencies</h3> <ul> <li>[JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.</li> </ul> <h3>Fixed</h3> <ul> <li>[JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2887";>#2887</a>]</li> </ul> <h2>1.15.1 / 2023-05-19</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.4 from v2.11.3. For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4";>https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4</a></li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] The libxml2 update fixes an encoding regression when push-parsing UTF-8 sequences. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2882";>#2882</a>, upstream <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/542";>issue</a> and <a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/e0f3016f71297314502a3620a301d7e064cbb612";>commit</a>]</li> </ul> <h2>1.15.0 / 2023-05-15</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/1aee13d47b7257e398ab7eeb858e7c2d7528419f";><code>1aee13d</code></a> version bump to v1.15.4</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/769faeca73448a1d47f8ebaeb1f6848dd88711f2";><code>769faec</code></a> backport updates and fixes to v1.15.x (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2953";>#2953</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/8460bfed0bbded56e4fbf9bb7982740ff05a0f78";><code>8460bfe</code></a> dep: update libxml2 to v2.11.5</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/14d1f5a2a11e2cdad540ee33b05985e4301e7b4b";><code>14d1f5a</code></a> test: add coverage for the memsize_of bug</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/c39ec3033ed40a4df87173ab1e715440942cd204";><code>c39ec30</code></a> fix memsize_node when called on xmlAttrs</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/1617d541353bcb5ee18afadf6311ed50233534e0";><code>1617d54</code></a> Fix typo</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/a6fc29bbcf0fe3f4ffa17c2fd82beba905eb3144";><code>a6fc29b</code></a> ci: ruby-saml's downstream test suite needs minitest compat</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/8d8c728890dbbea0550aabd8081d4d9a129d5591";><code>8d8c728</code></a> style: prefer Minitest to MiniTest</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/d1c62de9c5976bd0785abbb0a67f1b94e8f1f953";><code>d1c62de</code></a> ci: update suppression stack signature</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/0d545ac7a127f27ee715b433cb88a8d674d52c2c";><code>0d545ac</code></a> version bump to v1.15.3</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.15.4";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/datafu/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@datafu.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
