[PR] Bump nokogiri from 1.16.2 to 1.16.5 [storm-site]
dependabot[bot] opened a new pull request, #53: URL: https://github.com/apache/storm-site/pull/53 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.5. Release notes Sourced from https://github.com/sparklemotion/nokogiri/releases;>nokogiri's releases. v1.16.5 / 2024-05-13 Security [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7;>GHSA-r95h-9x8f-r3f7 for more information. Dependencies [CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7;>v2.12.7 from v2.12.6. (https://github.com/flavorjones;>@flavorjones) sha256 checksums: af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874 nokogiri-1.16.5-aarch64-linux.gem 23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec nokogiri-1.16.5-arm-linux.gem 950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214 nokogiri-1.16.5-arm64-darwin.gem b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989 nokogiri-1.16.5-java.gem ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e nokogiri-1.16.5-x64-mingw-ucrt.gem 6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107 nokogiri-1.16.5-x64-mingw32.gem abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4 nokogiri-1.16.5-x86-linux.gem 63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4 nokogiri-1.16.5-x86-mingw32.gem 71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279 nokogiri-1.16.5-x86_64-darwin.gem 0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97 nokogiri-1.16.5-x86_64-linux.gem ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2 nokogiri-1.16.5.gem v1.16.4 / 2024-04-10 Dependencies [CRuby] Vendored zlib in the precompiled native gems is updated to https://zlib.net/ChangeLog.txt;>v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see https://github.com/sparklemotion/nokogiri/discussions/3168;>this discussion about removing the compression libraries altogether in a future version of Nokogiri. sha256 checksums: bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5 nokogiri-1.16.4-aarch64-linux.gem 0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a nokogiri-1.16.4-arm-linux.gem 8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196 nokogiri-1.16.4-arm64-darwin.gem bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc nokogiri-1.16.4-java.gem a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae nokogiri-1.16.4-x64-mingw-ucrt.gem 4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468 nokogiri-1.16.4-x64-mingw32.gem d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5 nokogiri-1.16.4-x86-linux.gem d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168 nokogiri-1.16.4-x86-mingw32.gem a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628 nokogiri-1.16.4-x86_64-darwin.gem 92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31 nokogiri-1.16.4-x86_64-linux.gem /tr/table ... (truncated) Changelog Sourced from https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md;>nokogiri's changelog. v1.16.5 Security [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7;>GHSA-r95h-9x8f-r3f7 for more information. Dependencies [CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7;>v2.12.7 from v2.12.6. (https://github.com/flavorjones;>@flavorjones) v1.16.4 / 2024-04-10 Dependencies [CRuby] Vendored zlib in the precompiled native gems is updated to https://zlib.net/ChangeLog.txt;>v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see https://github.com/sparklemotion/nokogiri/discussions/3168;>this discussion about removing the compression libraries altogether in a future version of Nokogiri. v1.16.3 / 2024-03-15 Dependencies [CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6;>v2.12.6 from v2.12.5. (https://github.com/flavorjones;>@flavorjones) Changed [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6. Commits
[PR] Bump nokogiri from 1.16.2 to 1.16.5 in /content [storm-site]
dependabot[bot] opened a new pull request, #52: URL: https://github.com/apache/storm-site/pull/52 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.5. Release notes Sourced from https://github.com/sparklemotion/nokogiri/releases;>nokogiri's releases. v1.16.5 / 2024-05-13 Security [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7;>GHSA-r95h-9x8f-r3f7 for more information. Dependencies [CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7;>v2.12.7 from v2.12.6. (https://github.com/flavorjones;>@flavorjones) sha256 checksums: af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874 nokogiri-1.16.5-aarch64-linux.gem 23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec nokogiri-1.16.5-arm-linux.gem 950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214 nokogiri-1.16.5-arm64-darwin.gem b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989 nokogiri-1.16.5-java.gem ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e nokogiri-1.16.5-x64-mingw-ucrt.gem 6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107 nokogiri-1.16.5-x64-mingw32.gem abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4 nokogiri-1.16.5-x86-linux.gem 63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4 nokogiri-1.16.5-x86-mingw32.gem 71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279 nokogiri-1.16.5-x86_64-darwin.gem 0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97 nokogiri-1.16.5-x86_64-linux.gem ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2 nokogiri-1.16.5.gem v1.16.4 / 2024-04-10 Dependencies [CRuby] Vendored zlib in the precompiled native gems is updated to https://zlib.net/ChangeLog.txt;>v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see https://github.com/sparklemotion/nokogiri/discussions/3168;>this discussion about removing the compression libraries altogether in a future version of Nokogiri. sha256 checksums: bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5 nokogiri-1.16.4-aarch64-linux.gem 0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a nokogiri-1.16.4-arm-linux.gem 8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196 nokogiri-1.16.4-arm64-darwin.gem bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc nokogiri-1.16.4-java.gem a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae nokogiri-1.16.4-x64-mingw-ucrt.gem 4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468 nokogiri-1.16.4-x64-mingw32.gem d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5 nokogiri-1.16.4-x86-linux.gem d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168 nokogiri-1.16.4-x86-mingw32.gem a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628 nokogiri-1.16.4-x86_64-darwin.gem 92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31 nokogiri-1.16.4-x86_64-linux.gem /tr/table ... (truncated) Changelog Sourced from https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md;>nokogiri's changelog. v1.16.5 Security [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7;>GHSA-r95h-9x8f-r3f7 for more information. Dependencies [CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7;>v2.12.7 from v2.12.6. (https://github.com/flavorjones;>@flavorjones) v1.16.4 / 2024-04-10 Dependencies [CRuby] Vendored zlib in the precompiled native gems is updated to https://zlib.net/ChangeLog.txt;>v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see https://github.com/sparklemotion/nokogiri/discussions/3168;>this discussion about removing the compression libraries altogether in a future version of Nokogiri. v1.16.3 / 2024-03-15 Dependencies [CRuby] Vendored libxml2 is updated to https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6;>v2.12.6 from v2.12.5. (https://github.com/flavorjones;>@flavorjones) Changed [CRuby] XML::Reader sets the @encoding instance variable during reading if it is not passed into the initializer. Previously, it would remain nil. The behavior of Reader#encoding has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6. Commits
Re: Licensing of the Redis Module
lol :) yes you are right. As long it stays MIT, we can still rely on it but might be worth looking to the clients for the fork because people might migrate sooner or later (similar to elastic search and opensearch) In this case: sorry for the noise and thanks Alexandre for the heads up ;-) Am Montag, dem 13.05.2024 um 13:25 +0200 schrieb Alexandre Vermeerbergen: > Hello, > > Yes Redis server licensing became non-OSS friendly, but I don't > understand what would be Storm's dependency on Redis server : don't > we > we just need a Redis client, such as Jedis (this later has a MIT > License) ? > > Alex > > Le lun. 13 mai 2024 à 11:51, Richard Zowalla a > écrit : > > > > Hi all, > > > > REDIS switched it's license, which isn't compatible anymore [1] > > > > We have two options here (imho): > > > > (1) Drop the REDIS module > > (2) Migrate to the OSS fork: https://github.com/valkey-io/valkey > > > > > > WDYT? > > > > Gruß > > Richard > > > > [1] > > https://redis.io/blog/redis-adopts-dual-source-available-licensing/
Re: Licensing of the Redis Module
Hello, Yes Redis server licensing became non-OSS friendly, but I don't understand what would be Storm's dependency on Redis server : don't we we just need a Redis client, such as Jedis (this later has a MIT License) ? Alex Le lun. 13 mai 2024 à 11:51, Richard Zowalla a écrit : > > Hi all, > > REDIS switched it's license, which isn't compatible anymore [1] > > We have two options here (imho): > > (1) Drop the REDIS module > (2) Migrate to the OSS fork: https://github.com/valkey-io/valkey > > > WDYT? > > Gruß > Richard > > [1] https://redis.io/blog/redis-adopts-dual-source-available-licensing/
Licensing of the Redis Module
Hi all, REDIS switched it's license, which isn't compatible anymore [1] We have two options here (imho): (1) Drop the REDIS module (2) Migrate to the OSS fork: https://github.com/valkey-io/valkey WDYT? Gruß Richard [1] https://redis.io/blog/redis-adopts-dual-source-available-licensing/ signature.asc Description: This is a digitally signed message part
