dependabot[bot] opened a new pull request, #53:
URL: https://github.com/apache/storm-site/pull/53
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to
1.16.5.
Release notes
Sourced from https://github.com/sparklemotion/nokogiri/releases";>nokogiri's
releases.
v1.16.5 / 2024-05-13
Security
[CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7";>GHSA-r95h-9x8f-r3f7
for more information.
Dependencies
[CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7";>v2.12.7
from v2.12.6. (https://github.com/flavorjones";>@flavorjones)
sha256 checksums:
af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874
nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec
nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214
nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989
nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e
nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107
nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4
nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4
nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279
nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97
nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2
nokogiri-1.16.5.gem
v1.16.4 / 2024-04-10
Dependencies
[CRuby] Vendored zlib in the precompiled native gems is updated to https://zlib.net/ChangeLog.txt";>v1.3.1 from v1.3. Nokogiri is not
affected by the minizip CVE patched in this version, but this update may
satisfy some security scanners. Related, see https://github.com/sparklemotion/nokogiri/discussions/3168";>this
discussion about removing the compression libraries altogether in a future
version of Nokogiri.
sha256 checksums:
bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5
nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a
nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196
nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc
nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae
nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468
nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5
nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168
nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628
nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31
nokogiri-1.16.4-x86_64-linux.gem
... (truncated)
Changelog
Sourced from https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md";>nokogiri's
changelog.
v1.16.5
Security
[CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7";>GHSA-r95h-9x8f-r3f7
for more information.
Dependencies
[CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7";>v2.12.7
from v2.12.6. (https://github.com/flavorjones";>@flavorjones)
v1.16.4 / 2024-04-10
Dependencies
[CRuby] Vendored zlib in the precompiled native gems is updated to https://zlib.net/ChangeLog.txt";>v1.3.1 from v1.3. Nokogiri is not
affected by the minizip CVE patched in this version, but this update may
satisfy some security scanners. Related, see https://github.com/sparklemotion/nokogiri/discussions/3168";>this
discussion about removing the compression libraries altogether in a future
version of Nokogiri.
v1.16.3 / 2024-03-15
Dependencies
[CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6";>v2.12.6
from v2.12.5. (https://github.com/flavorjones";>@flavorjones)
Changed
[CRuby] XML::Reader sets the @encoding
instance variable during reading if it is not passed into the initializer.
Previously, it would remain nil. The behavior of
Reader#encoding has not changed. This works around changes to how
libxml2 reports the encoding used in v2.12.6.