Skip to content

Bump nokogiri from 1.10.4 to 1.12.5 in /docs #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 921 commits into from
Closed

Bump nokogiri from 1.10.4 to 1.12.5 in /docs #135

wants to merge 921 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 4, 2021

Bumps nokogiri from 1.10.4 to 1.12.5.

Release notes

Sourced from nokogiri's releases.

1.12.5 / 2021-09-27

Security

[JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).

In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.

CRuby users are not affected by this CVE.

Fixed

  • [CRuby] Document#to_xhtml properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., <br></br>) instead of a self-closing tag (e.g., <br/>) in previous Nokogiri versions. [#2324]

SHA256 checksums:

36bfa3a07aced069b3f3c9b39d9fb62cb0728d284d02b079404cd55780beaeff  nokogiri-1.12.5-arm64-darwin.gem
16b1a9ddbb70a9c998462912a5972097cbc79c3e01eb373906886ef8a469f589  nokogiri-1.12.5-java.gem
218dcc6edd1b49cc6244b5f88afb978739bb2f3f166c271557fe5f51e4bc713c  nokogiri-1.12.5-x64-mingw32.gem
e33bb919d64c16d931a5f26dc880969e587d225cfa97e6b56e790fb52179f527  nokogiri-1.12.5-x86-linux.gem
e13c2ed011b8346fbd589e96fe3542d763158bc2c7ad0f4f55f6d801afd1d9ff  nokogiri-1.12.5-x86-mingw32.gem
1ed64f7db7c1414b87fce28029f2a10128611d2037e0871ba298d00f9a00edd6  nokogiri-1.12.5-x86_64-darwin.gem
0868c8d0a147904d4dedaaa05af5f06656f2d3c67e4432601718559bf69d6cea  nokogiri-1.12.5-x86_64-linux.gem
2b20905942acc580697c8c496d0d1672ab617facb9d30d156b3c7676e67902ec  nokogiri-1.12.5.gem

1.12.4 / 2021-08-29

Notable fix: Namespace inheritance

Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.

This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.

Compensating Feature in XML::Document

This release of Nokogiri introduces a new Document boolean attribute, namespace_inheritance, which controls whether children should inherit a namespace when they are reparented. Nokogiri::XML:Document defaults this attribute to false meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.

CRuby users who desire the pre-v1.12.0 behavior may set document.namespace_inheritance = true before reparenting nodes.

See https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method for example usage.

Fix for XML::Builder

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.12.5 / 2021-09-27

Security

[JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).

In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.

CRuby users are not affected by this CVE.

Fixed

  • [CRuby] Document#to_xhtml properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., <br></br>) instead of a self-closing tag (e.g., <br/>) in previous Nokogiri versions. [#2324]

1.12.4 / 2021-08-29

Notable fix: Namespace inheritance

Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.

This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.

Compensating Feature in XML::Document

This release of Nokogiri introduces a new Document boolean attribute, namespace_inheritance, which controls whether children should inherit a namespace when they are reparented. Nokogiri::XML:Document defaults this attribute to false meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.

CRuby users who desire the pre-v1.12.0 behavior may set document.namespace_inheritance = true before reparenting nodes.

See https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method for example usage.

Fix for XML::Builder

However, recognizing that we want Builder-created children to inherit namespaces, Builder now will set namespace_inheritance=true on the underlying document for both JRuby and CRuby. This means that, on CRuby, the pre-v1.12.0 behavior is restored.

Users who want to turn this behavior off may pass a keyword argument to the Builder constructor like so:

Nokogiri::XML::Builder.new(namespace_inheritance: false)

See https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance for example usage.

Downstream gem maintainers

Note that any downstream gems may want to specifically omit Nokogiri v1.12.0--v1.12.3 from their dependency specification if they rely on child namespace inheritance:

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

assadOW2 and others added 30 commits September 9, 2019 10:35
@assadOW2
strace demo.sh
603ae2d
@enriquegit
Add test plots
6645d52
@danzone
Modified position for .jtl file. Updated documentation accordingly
86997a1
@danzone
Fixed typo
d635b6e
@assadOW2
Flamegraph exp
8b4180a
new changes on Dockerfiles. Apache image from base httpd and Postgres…
520760d 
… image from base:9.3
Merge pull request #73 from fermenreq/master
2476bca 
new changes on Dockerfiles. Apache image from base httpd and Postgres…
@fchauvel
Fix #74: Update the constraints that define how to stack components.
5014200
@fchauvel
Release v0.6.1
9522bb1
@brice-morin
update on tellu
dc7a30f
@brice-morin
Merge branch 'master' of github.com:STAMP-project/camp
dd33d1f
@fchauvel
Add ISSRE 2019 in the publication list
9941973
@fchauvel
Fix #75 Add missing constraint to rule out invalid stacks
161f424
@fchauvel
Release v0.6.2
2f8b6f6
docker-compose works as apache proxy
095c202
Merge pull request #76 from fermenreq/master
7a4da97 
docker-compose works as apache proxy
@brice-morin
update on ow2 traces
791d666
@brice-morin
Merge branch 'master' of github.com:STAMP-project/camp
754a28e
@fchauvel
Description of the new version of the CityGo case
c74b2de
@fchauvel
Merge branch 'master' of github.com:STAMP-project/camp
e5ef976
dockerfiles path changed according camp.yml template
d0faee6
@fchauvel
Fix #78 about multi-stages Docker build
62ed9ac
@fchauvel
Introduce stack component recombination
03c0858
@fchauvel
Fix #79 about build_images.sh script
8af097a
@fchauvel
Make XWiki example consistent with the fix for Issue #78
61021b4
@fchauvel
Merge branch 'master' of github.com:STAMP-project/camp
de519e5
@fchauvel
Extend the "no output" timeout when running test
bb86759
@fchauvel
Release v0.6.3
b99abba
@fchauvel
Split the Atos case-study into performance and functional tests
f676e47
@fchauvel
Adjusting the Performance scenario as per Issue #81
2460e36
Fernando Méndez Requena and others added 23 commits November 21, 2019 12:35
Update tests.py
af0a5c7
Update docker-compose.yml
0c54578
Update tests.py
627763a
Update tests.py
1524ff1
Update tests.py
4f6aaef 
Add service host for local endpoint
Update tests.py
ea1536b
Update tests.py
00a6500
Update Jenkinsfile
192f59c
Update Jenkinsfile
6843c4e
@fchauvel
Add link to the video demo
263d487
@fchauvel
Merge branch 'master' of github.com:STAMP-project/camp
87ca508
@fchauvel
Fix 100 Wrong link to the documentation
7981e1b
Docs: Point to case-study moved in the camp-samples repository
e581366
Configure: Downgrade coverage to version 4.5.4
cd6600e
Doc: Update installation Guide so it uses Python 3 (and not 2)
eef1f14
Feature: Atomic mode for CAMP generate
2fb3b21
Doc: Describe the new CLI --mode option
eb1d5bb
Preparing release 0.10.0
103e91b
Merge branch 'master' of github.com:STAMP-project/camp
646f1bf
Doc: Removing the STAMP beta-testing banners
e0aac36
Config: Update dependencies
5489718 
 - future:     0.17.1 -> 0.18.2
 - pyyaml:     5.1    -> 5.3.1
 - argparse:   1.2.1  -> 1.4.0
 - mock	       2.0.0  -> 4.0.2
 - deepdiff    3.3.0  -> 4.3.2
 - green       2.15.0 -> 3.2.0
Config: Update dependencies for Docker image
024155e 
 - Debian 9 to Debian 10
 - Python 3.5 to Python 3.7
@dependabot
Bump nokogiri from 1.10.4 to 1.12.5 in /docs
9ed3797 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.12.5.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.10.4...v1.12.5)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Nov 4, 2021
@dependabot dependabot bot mentioned this pull request Nov 4, 2021
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 26, 2022

Superseded by #137.

@dependabot dependabot bot closed this Feb 26, 2022
@dependabot dependabot bot deleted the dependabot/bundler/docs/nokogiri-1.12.5 branch February 26, 2022 04:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@assadOW2 @enriquegit @danzone @fchauvel @brice-morin