Next | Query returned 91 messages, browsing 11 to 20 | Previous

CVS Commit History:


   2023-02-19 04:41:56 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.14.2.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.14.2

1.14.2 / 2023-02-13

Fixed

  * Calling NodeSet#to_html on an empty node set no longer raises an
    encoding-related exception. This bug was introduced in v1.14.0 while
    fixing #2649. [#2784]

   2022-12-08 16:30:47 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.13.10.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.10

1.13.10 / 2022-12-07

Security

  * [CRuby] Address CVE-2022-23476, unchecked return value from
    xmlTextReaderExpand. See GHSA-qv4q-mr5r-qprj for more information.

Improvements

  * [CRuby] XML::Reader#attribute_hash now returns nil on parse errors. This
    restores the behavior of #attributes from v1.13.7 and earlier. [#2715]

   2022-11-23 17:21:30 by Adam Ciarcinski | Files touched by this commit (1878) | Package updated
Log message:
massive revision bump after textproc/icu update

   2022-10-30 08:43:56 by Izumi Tsutsui | Files touched by this commit (3) | Package updated
Log message:
ruby-nokogiri: update to 1.13.9.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.9

1.13.9 / 2022-10-18

Security

  * [CRuby] Vendored libxml2 is updated to address CVE-2022-2309,
    CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for more
    information.
  * [CRuby] Vendored zlib is updated to address CVE-2022-37434.
    Nokogiri was not affected by this vulnerability, but this version
    of zlib was being flagged up by some vulnerability scanners,
    see #2626 for more information.

Dependencies

  * [CRuby] Vendored libxml2 is updated to v2.10.3 from v2.9.14.
  * [CRuby] Vendored libxslt is updated to v1.1.37 from v1.1.35.
  * [CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13.
    (See LICENSE-DEPENDENCIES.md for details on which packages redistribute
    this library.)

Fixed

  * [CRuby] Nokogiri::XML::Namespace objects, when compacted, update
    their internal struct's reference to the Ruby object wrapper.
    Previously, with GC compaction enabled, a segmentation fault was
    possible after compaction was triggered. [#2658] (Thanks,
    @eightbitraptor and @peterzhu2118!)
  * [CRuby] Document#remove_namespaces! now defers freeing the underlying
    xmlNs struct until the Document is GCed. Previously, maintaining a
    reference to a Namespace object that was removed in this way could
    lead to a segfault. [#2658]

   2022-10-10 05:42:14 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Remove ruby26 references.

   2022-08-18 17:13:07 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.13.8.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.8
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.7

1.13.8 / 2022-07-23

Deprecated

  * XML::Reader#attribute_nodes is deprecated due to incompatibility between
    libxml2's xmlReader memory semantics and Ruby's garbage collector. Although
    this method continues to exist for backwards compatibility, it is unsafe to
    call and may segfault. This method will be removed in a future version of
    Nokogiri, and callers should use #attribute_hash instead. [#2598]

Improvements

  * XML::Reader#attribute_hash is a new method to safely retrieve the
    attributes of a node from XML::Reader. [#2598, #2599]

Fixed

  * [CRuby] XML::Reader#attributes is now safe to call. In Nokogiri <=
    1.13.7 this method may segfault. [#2598, #2599]

1.13.7 / 2022-07-12

Fixed

  * XML::Node objects, when compacted, update their internal struct's reference
    to the Ruby object wrapper. Previously, with GC compaction enabled, a
    segmentation fault was possible after compaction was triggered. [#2578]
    (Thanks, @eightbitraptor!)

   2022-05-14 16:33:31 by Izumi Tsutsui | Files touched by this commit (3) | Package updated
Log message:
ruby-nokogiri: update to 1.13.6.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5

1.13.6 / 2022-05-08

Security

  * [CRuby] Address CVE-2022-29181, improper handling of unexpected data types,
    related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for
    more information.

Improvements

  * {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
    TypeError instead of segfaulting when an incorrect type is passed.

1.13.5 / 2022-05-04

Security

  * [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See
    GHSA-cgx6-hpwq-fhv5 for more information.

Dependencies

  * [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

Improvements

  * [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when
    recovering some broken markup related to start-of-tag and bare <
    characters.

Changed

  * [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken
    markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and
    incorrectly-opened comments will result in HTML text nodes starting with
    &lt;! instead of skipping the invalid tag. This behavior is a direct result
    of the quadratic-behavior fix noted above. The behavior of downstream
    sanitizers relying on this behavior will also change. Some tests describing
    the changed behavior are in test/html4/test_comments.rb.

   2022-04-16 16:28:18 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.13.4.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4

1.13.4 / 2022-04-11

Security

  * Address CVE-2022-24836, a regular expression denial-of-service
    vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
  * [CRuby] Vendored zlib is updated to address CVE-2018-25032. See
    GHSA-v6gp-9mmm-c6p5 for more information.
  * [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address
    CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address
    CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.

Dependencies

  * [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See
    LICENSE-DEPENDENCIES.md for details on which packages redistribute this
    library.)
  * [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to
    2.12.2.
  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of
    1.9.21 to 1.9.22.noko2. This fork is now publicly developed at
    https://github.com/sparklemotion/nekohtml

   2022-03-06 18:14:35 by Izumi Tsutsui | Files touched by this commit (3) | Package updated
Log message:
ruby-nokogiri: update to 1.13.3.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.3
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2

1.13.3 / 2022-02-21

Fixed

  * [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri
    v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when
    encountering a bare < character in some contexts. This version of Nokogiri
    restores the earlier behavior, which is to recover from the parse error and
    treat the < as normal character data (which will be serialized as &lt; in a
    text node). The bug (and the fix) is only relevant when the RECOVER parse
    option is set, as it is by default. [#2461]

1.13.2 / 2022-02-21

Security

  * [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update
    addresses CVE-2022-23308.
  * [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update
    addresses CVE-2021-30560.

Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

Dependencies

  * [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog
    is available at
    https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news
  * [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog
    is available at
    https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news

   2022-01-16 11:12:07 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.13.1.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.1

1.13.1 / 2022-01-13

Fixed

  * Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an
    exception when non-string stylesheet parameters were passed. Non-string
    parameters (e.g., integers and symbols) are now explicitly supported and
    both keys and values will be stringified with #to_s. [#2418]
  * Fix HTML5 CSS selector query regression in v1.13.0 that raised an
    Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into
    the CSS query. Although this mash-up of XPath and CSS syntax previously
    worked unintentionally, it is now an officially supported feature and is
    documented as such. [#2419]
