dependabot[bot] opened a new pull request, #167: URL: https://github.com/apache/datasketches-website/pull/167
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.3 to 1.15.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.15.6 / 2024-03-16</h2> <h3>Note</h3> <p>This security release is a backport to the unsupported v1.15.x branch. Current stable is v1.16.x, which addressed the referenced CVE in v1.16.2 on 2024-02-04.</p> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.7 from v2.11.6. For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.7">https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.7</a></li> </ul> <hr /> <p>sha256 checksums:</p>
<h2>1.15.5 / 2023-11-17</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6">https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6</a></li> <li>[CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39">https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39</a></li> </ul> <hr /> <p>sha256 checksums:</p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.15.6 / 2024-03-16</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.7 from v2.11.6. 
For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.7">https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.7</a></li> </ul> <h2>1.15.5 / 2023-11-17</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6">https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6</a></li> <li>[CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39">https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39</a></li> </ul> <h2>1.15.4 / 2023-08-11</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5">https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5</a></li> </ul> <h3>Fixed</h3> <ul> <li>Fixed a typo in a HTML5 parser error message. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2927">#2927</a> (<a href="https://github.com/anishathalye"><code>@anishathalye</code></a>)</li> <li>[CRuby] <code>ObjectSpace.memsize_of</code> is now safe to call on <code>Document</code>s with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2924">#2924</a>]</li> </ul> <h2>1.15.3 / 2023-07-05</h2> <h3>Fixed</h3> <ul> <li>Passing an object that is not a kind of <code>XML::Node</code> as the first parameter to <code>CDATA.new</code> now raises a <code>TypeError</code>. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). 
<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920">#2920</a></li> <li>Passing an object that is not a kind of <code>XML::Node</code> as the first parameter to <code>Schema.from_document</code> now raises a <code>TypeError</code>. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920">#2920</a></li> <li>[CRuby] Passing an object that is not a kind of <code>XML::Node</code> as the second parameter to <code>Text.new</code> now raises a <code>TypeError</code>. Previously this would result in a segfault. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2920">#2920</a></li> <li>[CRuby] Replacing a node's children via methods like <code>Node#inner_html=</code>, <code>#children=</code>, and <code>#replace</code> no longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/283">#283</a> and <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/595">#595</a>) but should not have included operations involving <code>xmlAddChild()</code>. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2916">#2916</a></li> <li>[JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2895">#2895</a>] (<a href="https://github.com/cbasguti"><code>@cbasguti</code></a>)</li> </ul> <h2>1.15.2 / 2023-05-24</h2> <h3>Dependencies</h3> <ul> <li>[JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/7ab63106edb578880c3436c0cc9597e271b5dfcd"><code>7ab6310</code></a> version bump to v1.15.6</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/f8156b409ade29b5d831d83b1f1af6388b46dd5a"><code>f8156b4</code></a> dep: update libxml to 2.11.7 (branch 1.15.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3154">#3154</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/98276191532fbed2eaab91e0d5f94d59694448fb"><code>9827619</code></a> ci: pin to a version of bundler that works across supported rubies</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/83a25716917a0ad82b0a9316358c95964e76822f"><code>83a2571</code></a> dep: bump libxml to v2.11.7</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/5745d4bcd937148222a612d89ad3dd26ca435726"><code>5745d4b</code></a> version bump to v1.15.5</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/da2d908bf91fd89adfc42aaa0e66c175ca8b4c74"><code>da2d908</code></a> ci: add ruby version to vendored libs cache key (backport) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3029">#3029</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/0f56450e010f5944dbaad32e043ba8faf8fc43d1"><code>0f56450</code></a> ci: add ruby version to vendored libs cache key (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3028">#3028</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/32b2c3500f509af8ed7d69877bb2868504df5710"><code>32b2c35</code></a> dep: update libxml to 2.11.5 and libxslt to 1.1.39 (v1.15.x) (<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3025">#3025</a>)</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/b8f7e16e3806862d6ddf81ec55b657b8a48cb479"><code>b8f7e16</code></a> ci: skip the BSD builds for 
now</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/aa3208bc908aa69a940479b0cfb8ebe0162c8d0f"><code>aa3208b</code></a> dep: update libxml to 2.11.5 and libxslt to 1.1.39</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.14.3...v1.15.6">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
