2023-02-19 04:41:56 by Izumi Tsutsui | Files touched by this commit (2)
Log message:
ruby-nokogiri: update to 1.14.2.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.14.2
1.14.2 / 2023-02-13
Fixed
* Calling NodeSet#to_html on an empty node set no longer raises an
encoding-related exception. This bug was introduced in v1.14.0 while
fixing #2649. [#2784]
|
2022-12-08 16:30:47 by Izumi Tsutsui | Files touched by this commit (2)
Log message:
ruby-nokogiri: update to 1.13.10.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.10
1.13.10 / 2022-12-07
Security
* [CRuby] Address CVE-2022-23476, unchecked return value from
xmlTextReaderExpand. See GHSA-qv4q-mr5r-qprj for more information.
Improvements
* [CRuby] XML::Reader#attribute_hash now returns nil on parse errors. This
restores the behavior of #attributes from v1.13.7 and earlier. [#2715]
|
2022-11-23 17:21:30 by Adam Ciarcinski | Files touched by this commit (1878)
Log message:
massive revision bump after textproc/icu update
|
2022-10-30 08:43:56 by Izumi Tsutsui | Files touched by this commit (3)
Log message:
ruby-nokogiri: update to 1.13.9.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.9
1.13.9 / 2022-10-18
Security
* [CRuby] Vendored libxml2 is updated to address CVE-2022-2309,
CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for more
information.
* [CRuby] Vendored zlib is updated to address CVE-2022-37434.
Nokogiri was not affected by this vulnerability, but this version
of zlib was being flagged up by some vulnerability scanners,
see #2626 for more information.
Dependencies
* [CRuby] Vendored libxml2 is updated to v2.10.3 from v2.9.14.
* [CRuby] Vendored libxslt is updated to v1.1.37 from v1.1.35.
* [CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13.
(See LICENSE-DEPENDENCIES.md for details on which packages redistribute
this library.)
Fixed
* [CRuby] Nokogiri::XML::Namespace objects, when compacted, update
their internal struct's reference to the Ruby object wrapper.
Previously, with GC compaction enabled, a segmentation fault was
possible after compaction was triggered. [#2658] (Thanks,
@eightbitraptor and @peterzhu2118!)
* [CRuby] Document#remove_namespaces! now defers freeing the underlying
xmlNs struct until the Document is GCed. Previously, maintaining a
reference to a Namespace object that was removed in this way could
lead to a segfault. [#2658]
|
2022-10-10 05:42:14 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Remove ruby26 references.
|
2022-08-18 17:13:07 by Izumi Tsutsui | Files touched by this commit (2)
Log message:
ruby-nokogiri: update to 1.13.8.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.8
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.7
1.13.8 / 2022-07-23
Deprecated
* XML::Reader#attribute_nodes is deprecated due to incompatibility between
libxml2's xmlReader memory semantics and Ruby's garbage collector. Although
this method continues to exist for backwards compatibility, it is unsafe to
call and may segfault. This method will be removed in a future version of
Nokogiri, and callers should use #attribute_hash instead. [#2598]
Improvements
* XML::Reader#attribute_hash is a new method to safely retrieve the
attributes of a node from XML::Reader. [#2598, #2599]
Fixed
* [CRuby] Calling XML::Reader#attributes is now safe to call. In Nokogiri <=
1.13.7 this method may segfault. [#2598, #2599]
1.13.7 / 2022-07-12
Fixed
* XML::Node objects, when compacted, update their internal struct's reference
to the Ruby object wrapper. Previously, with GC compaction enabled, a
segmentation fault was possible after compaction was triggered. [#2578]
(Thanks, @eightbitraptor!)
|
2022-05-14 16:33:31 by Izumi Tsutsui | Files touched by this commit (3)
Log message:
ruby-nokogiri: update to 1.13.6.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5
1.13.6 / 2022-05-08
Security
* [CRuby] Address CVE-2022-29181, improper handling of unexpected data types,
related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for
more information.
Improvements
* {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
TypeError instead of segfaulting when an incorrect type is passed.
1.13.5 / 2022-05-04
Security
* [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See
GHSA-cgx6-hpwq-fhv5 for more information.
Dependencies
* [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.
Improvements
* [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when
recovering some broken markup related to start-of-tag and bare <
characters.
Changed
* [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken
markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and
incorrectly-opened comments will result in HTML text nodes starting with
&lt;! instead of skipping the invalid tag. This behavior is a direct result
of the quadratic-behavior fix noted above. The behavior of downstream
sanitizers relying on this behavior will also change. Some tests describing
the changed behavior are in test/html4/test_comments.rb.
|
2022-04-16 16:28:18 by Izumi Tsutsui | Files touched by this commit (2)
Log message:
ruby-nokogiri: update to 1.13.4.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
1.13.4 / 2022-04-11
Security
* Address CVE-2022-24836, a regular expression denial-of-service
vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
* [CRuby] Vendored zlib is updated to address CVE-2018-25032. See
GHSA-v6gp-9mmm-c6p5 for more information.
* [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address
CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
* [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address
CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.
Dependencies
* [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See
LICENSE-DEPENDENCIES.md for details on which packages redistribute this
library.)
* [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to
2.12.2.
* [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of
1.9.21 to 1.9.22.noko2. This fork is now publicly developed at
https://github.com/sparklemotion/nekohtml
|
2022-03-06 18:14:35 by Izumi Tsutsui | Files touched by this commit (3)
Log message:
ruby-nokogiri: update to 1.13.3.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.3
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
1.13.3 / 2022-02-21
Fixed
* [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri
v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when
encountering a bare < character in some contexts. This version of Nokogiri
restores the earlier behavior, which is to recover from the parse error and
treat the < as normal character data (which will be serialized as &lt; in a
text node). The bug (and the fix) is only relevant when the RECOVER parse
option is set, as it is by default. [#2461]
1.13.2 / 2022-02-21
Security
* [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update
addresses CVE-2022-23308.
* [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update
addresses CVE-2021-30560.
Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.
Dependencies
* [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog
is available at
https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news
* [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog
is available at
https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news
|
2022-01-16 11:12:07 by Izumi Tsutsui | Files touched by this commit (2)
Log message:
ruby-nokogiri: update to 1.13.1.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.1
1.13.1 / 2022-01-13
Fixed
* Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an
exception when non-string stylesheet parameters were passed. Non-string
parameters (e.g., integers and symbols) are now explicitly supported and
both keys and values will be stringified with #to_s. [#2418]
* Fix HTML5 CSS selector query regression in v1.13.0 that raised an
Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into
the CSS query. Although this mash-up of XPath and CSS syntax previously
worked unintentionally, it is now an officially supported feature and is
documented as such. [#2419]
|