Bump nokogiri from 1.13.1 to 1.13.3
Bumps nokogiri from 1.13.1 to 1.13.3.
Release notes
Sourced from nokogiri's releases.
1.13.3 / 2022-02-21
Fixed
- [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare
<
character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the<
as normal character data (which will be serialized as<
in a text node). The bug (and the fix) is only relevant when theRECOVER
parse option is set, as it is by default. [#2461]
SHA256 checksums:
025a4e333f6f903072a919f5f75b03a8f70e4969dab4280375b73f9d8ff8d2c0 nokogiri-1.13.3-aarch64-linux.gem b9cb59c6a6da8cf4dbee5dbb569c7cc95a6741392e69053544e0f40b15ab9ad5 nokogiri-1.13.3-arm64-darwin.gem e55d18cee64c19d51d35ad80634e465dbcdd46ac4233cb42c1e410307244ebae nokogiri-1.13.3-java.gem 53e2d68116cd00a873406b8bdb90c78a6f10e00df7ddf917a639ac137719b67b nokogiri-1.13.3-x64-mingw-ucrt.gem b5f39ebb662a1be7d1c61f8f0a2a683f1bb11690a6f00a99a1aa23a071f80145 nokogiri-1.13.3-x64-mingw32.gem 7c0de5863aace4bbbc73c4766cf084d1f0b7a495591e46d1666200cede404432 nokogiri-1.13.3-x86-linux.gem 675cc3e7d7cca0d6790047a062cd3aa3eab59e3cb9b19374c34f98bade588c66 nokogiri-1.13.3-x86-mingw32.gem f445596a5a76941a9d1980747535ab50d3399d1b46c32989bc26b7dd988ee498 nokogiri-1.13.3-x86_64-darwin.gem 3f6340661c2a283b337d227ea224f859623775b2f5c09a6bf197b786563958df nokogiri-1.13.3-x86_64-linux.gem bf1b1bceff910abb0b7ad825535951101a0361b859c2ad1be155c010081ecbdc nokogiri-1.13.3.gem
1.13.2 / 2022-02-21
Security
- [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
- [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.
Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.
Dependencies
- [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog is available at https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news
- [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog is available at https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news
SHA256 checksums:
63469a9bb56a21c62fbaea58d15f54f8f167ff6fde51c5c2262072f939926fdd nokogiri-1.13.2-aarch64-linux.gem 2986617f982f645c06f22515b721e6d2613dd69493e5c41ddd03c4830c3b3065 nokogiri-1.13.2-arm64-darwin.gem aca1d66206740b29d0d586b1d049116adcb31e6cdd7c4dd3a96eb77da215a0c4 nokogiri-1.13.2-java.gem b9e4eea1a200d9a927a5bc7d662c427e128779cba0098ea49ddbdb3ffc3ddaec nokogiri-1.13.2-x64-mingw-ucrt.gem 48d5493fec495867c5516a908a068c1387a1d17c5aeca6a1c98c089d9d9fdcf8 nokogiri-1.13.2-x64-mingw32.gem 62034d7aaaa83fbfcb8876273cc5551489396841a66230d3200b67919ef76cf9 nokogiri-1.13.2-x86-linux.gem e07237b82394017c2bfec73c637317ee7dbfb56e92546151666abec551e46d1d nokogiri-1.13.2-x86-mingw32.gem </tr></table>
... (truncated)
Changelog
Sourced from nokogiri's changelog.
1.13.3 / 2022-02-21
Fixed
- [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare
<
character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the<
as normal character data (which will be serialized as<
in a text node). The bug (and the fix) is only relevant when theRECOVER
parse option is set, as it is by default. [#2461]1.13.2 / 2022-02-21
Security
- [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
- [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.
Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.
Dependencies
- [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog is available at https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news
- [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog is available at https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news
Commits
-
7d74ced
version bump to v1.13.3 -
5970fd9
fix: revert libxml2 regression with HTML4 recovery -
49b8663
version bump to v1.13.2 -
4729133
Merge pull request #2457 from sparklemotion/flavorjones-libxml-2.9.13-v1.13.x -
379f757
dev(package): work around gnome mirrors with expired certs -
95cf66c
dep: upgrade libxml2 2.9.12 → 2.9.13 -
d37dd02
dep: upgrade libxslt 1.1.34 → 1.1.35 -
59a9398
dep: upgrade mini_portile 2.7 to 2.8 -
e885463
dev(package): handle either .tar.gz or .tar.xz archive names -
7957c7b
style: rubocop - Additional commits viewable in compare view