Path to this page:
Subject: CVS commit: pkgsrc/textproc/ruby-nokogiri
From: Izumi Tsutsui
Date: 2023-05-13 20:13:43
Message id: 20230513181344.0DE5AFA87@cvs.NetBSD.org
Log Message:
ruby-nokogiri: update to 1.14.4.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.14.4
https://github.com/sparklemotion/nokogiri/releases/tag/v1.14.3
1.14.4 / 2023-05-11
Dependencies
* [JRuby] Vendored Xalan-J is updated to v2.7.3. This is the first Xalan
release in nine years, and it was done to address CVE-2022-34169.
The Nokogiri maintainers wish to stress that Nokogiri users were not
vulnerable to this CVE, as we explained in GHSA-qwq9-89rg-ww72, and so
upgrading is really at the discretion of users.
This release was cut primarily so that JRuby users of v1.14.x can avoid
vulnerability scanner alerts on earlier versions of Xalan-J.
1.14.3 / 2023-04-11
Security
* [CRuby] Vendored libxml2 is updated to address CVE-2023-29469,
CVE-2023-28484, and one other security-related issue. See
GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq for more information.
Dependencies
* [CRuby] Vendored libxml2 is updated to v2.10.4 from v2.10.3.
Files: