Subject: CVS commit: pkgsrc/textproc/ruby-nokogiri
From: Izumi Tsutsui
Date: 2022-03-06 18:14:35
Message id: 20220306171435.23497FB24@cvs.NetBSD.org
Log Message:
ruby-nokogiri: update to 1.13.3.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.3
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2

1.13.3 / 2022-02-21

Fixed

  * [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri
    v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when
    encountering a bare < character in some contexts. This version of Nokogiri
    restores the earlier behavior, which is to recover from the parse error and
    treat the < as normal character data (which will be serialized as \ 
&lt; in a
    text node). The bug (and the fix) is only relevant when the RECOVER parse
    option is set, as it is by default. [#2461]

1.13.2 / 2022-02-21

Security

  * [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update
    addresses CVE-2022-23308.
  * [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update
    addresses CVE-2021-30560.

Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

Dependencies

  * [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog
    is available at https://download.gnome.org/sources/libxml2/2.9/
    libxml2-2.9.13.news
  * [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog
    is available at https://download.gnome.org/sources/libxslt/1.1/
    libxslt-1.1.35.news
Files:
RevisionActionfile
1.69modifypkgsrc/textproc/ruby-nokogiri/Makefile
1.36modifypkgsrc/textproc/ruby-nokogiri/PLIST
1.49modifypkgsrc/textproc/ruby-nokogiri/distinfo