Log message:
ruby-nokogiri: update to 1.13.0.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.0
1.13.0 / 2022-01-06
Notes
Ruby
This release introduces native gem support for Ruby 3.1. Please note that
Windows users should use the x64-mingw-ucrt platform gem for Ruby 3.1, and
x64-mingw32 for Ruby 2.6-3.0 (see RubyInstaller 3.1.0 release notes).
This release ends support for:
* Ruby 2.5, for which official support ended 2021-03-31.
* JRuby 9.2, which is a Ruby 2.5-compatible release.
Faster, more reliable installation: Native Gem for ARM64 Linux
This version of Nokogiri ships experimental native gem support for the
aarch64-linux platform, which should support AWS Graviton and other ARM Linux
platforms. We don't yet have CI running for this platform, and so we're
interested in hearing back from y'all whether this is working, and what
problems you're seeing. Please send us feedback here: Feedback: Have you used
the aarch64-linux native gem?
Publishing
This version of Nokogiri opts-in to the "MFA required to publish" setting on
Rubygems.org. This and all future Nokogiri gem files must be published to
Rubygems by an account with multi-factor authentication enabled. This should
provide some additional protection against supply-chain attacks.
A related discussion about Trust exists at #2357 in which I invite you to
participate if you have feelings or opinions on this topic.
Dependencies
* [CRuby] Vendored libiconv is updated from 1.15 to 1.16. (Note that libiconv
is only redistributed in the native windows and native darwin gems, see
LICENSE-DEPENDENCIES.md for more information.) [#2206]
* [CRuby] Upgrade mini_portile2 dependency from ~> 2.6.1 to ~> 2.7.0. ("ruby"
platform gem only.)
Improved
* {XML,HTML4}::DocumentFragment constructors all now take an optional parse
options parameter or block (similar to Document constructors). [#1692]
(Thanks, @JackMc!)
* Nokogiri::CSS.xpath_for allows an XPathVisitor to be injected, for
finer-grained control over how CSS queries are translated into XPath.
* [CRuby] XML::Reader#encoding will return the encoding detected by the
parser when it's not passed to the constructor. [#980]
* [CRuby] Handle abruptly-closed HTML comments as recommended by WHATWG.
(Thanks to tehryanx for reporting!)
* [CRuby] Node#line is no longer capped at 65535. libxml v2.9.0 and later
support a new parse option, exposed as
Nokogiri::XML::ParseOptions::PARSE_BIG_LINES, which is turned on by default
in ParseOptions::DEFAULT_{XML,XSLT,HTML,SCHEMA} (Note that JRuby already
supported large line numbers.) [#1764, #1493, #1617, #1505, #1003, #533]
* [CRuby] If a cycle is introduced when reparenting a node (i.e., the node
becomes its own ancestor), a RuntimeError is raised. libxml2 does no
checking for this, which means cycles would otherwise result in infinite
loops on subsequent operations. (Note that JRuby already did this.) [#1912]
* [CRuby] Source builds will download zlib and libiconv via HTTPS. ("ruby"
platform gem only.) [#2391] (Thanks, @jmartin-r7!)
* [JRuby] Node#line behavior has been modified to return the line number of
the node in the final DOM structure. This behavior is different from CRuby,
which returns the node's position in the input string. Ideally the two
implementations would be the same, but at least it is now officially
documented and tested. The real-world impact of this change is that the
value returned in JRuby is greater by 1 to account for the XML prolog in
the output. [#2380] (Thanks, @dabdine!)
Fixed
* CSS queries on HTML5 documents now correctly match foreign elements (SVG,
MathML) when namespaces are not specified in the query. [#2376]
* XML::Builder blocks restore context properly when exceptions are raised.
[#2372] (Thanks, @ric2b and @rinthedev!)
* The Nokogiri::CSS::Parser cache now uses the XPathVisitor configuration as
part of the cache key, preventing incorrect cache results from being
returned when multiple XPathVisitor options are being used.
* Error recovery from in-context parsing (e.g., Node#parse) now always uses
the correct DocumentFragment class. Previously
Nokogiri::HTML4::DocumentFragment was always used, even for XML documents.
[#1158]
* DocumentFragment#> now works properly, matching a CSS selector against only
the fragment roots. [#1857]
* XML::DocumentFragment#errors now correctly contains any parsing errors
encountered. Previously this was always empty. (Note that
HTML::DocumentFragment#errors already did this.)
* [CRuby] Fix memory leak in Document#canonicalize when inclusive namespaces
are passed in. [#2345]
* [CRuby] Fix memory leak in Document#canonicalize when an argument type
error is raised. [#2345]
* [CRuby] Fix memory leak in EncodingHandler where iconv handlers were not
being cleaned up. [#2345]
* [CRuby] Fix memory leak in XPath custom handlers where string arguments
were not being cleaned up. [#2345]
* [CRuby] Fix memory leak in Reader#base_uri where the string returned by
libxml2 was not freed. [#2347]
* [JRuby] Deleting a Namespace from a NodeSet no longer modifies the href to
be the default namespace URL.
* [JRuby] Fix XHTML formatting of closing tags for non-container elements.
[#2355]
Deprecated
* Passing a Nokogiri::XML::Node as the second parameter to Node.new is
deprecated and will generate a warning. This parameter should be a kind of
Nokogiri::XML::Document. This will become an error in a future version of
Nokogiri. [#975]
* Nokogiri::CSS::Parser, Nokogiri::CSS::Tokenizer, and Nokogiri::CSS::Node
are now internal-only APIs that are no longer documented, and should not be
considered stable. With the introduction of XPathVisitor injection into
Nokogiri::CSS.xpath_for there should be no reason to rely on these internal
APIs.
* CSS-to-XPath utility classes Nokogiri::CSS::XPathVisitorAlwaysUseBuiltins
and XPathVisitorOptimallyUseBuiltins are deprecated. Prefer
Nokogiri::CSS::XPathVisitor with appropriate constructor arguments. These
classes will be removed in a future version of Nokogiri.
|
Log message:
ruby-nokogiri: update to 1.12.5.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.12.5
1.12.5 / 2021-09-27
Security
[JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).
In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve
external entities (XXE) by default. This fix turns off
entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX
parsers' behavior.
CRuby users are not affected by this CVE.
Fixed
* [CRuby] Document#to_xhtml properly serializes self-closing tags in libxml >
2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting
start and end tags (e.g., <br></br>) instead of a self-closing tag (e.g.,
<br/>) in previous Nokogiri versions. [#2324]
|
Log message:
ruby-nokogiri: update to 1.12.4.
Upstream changes
https://github.com/sparklemotion/nokogiri/releases/tag/v1.12.4
1.12.4 / 2021-08-29
Notable fix: Namespace inheritance
Namespace behavior when reparenting nodes has historically been poorly
specified and the behavior diverged between CRuby and JRuby. As a result,
making this behavior consistent in v1.12.0 introduced a breaking change.
This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but
keeps the Document behavior. This release also introduces a Document attribute
to allow affected users to easily change this behavior for their legacy code
without invasive changes.
Compensating Feature in XML::Document
This release of Nokogiri introduces a new Document boolean attribute,
namespace_inheritance, which controls whether children should inherit a
namespace when they are reparented. Nokogiri::XML::Document defaults this
attribute to false meaning "do not inherit," thereby making explicit the
behavior change introduced in v1.12.0.
CRuby users who desire the pre-v1.12.0 behavior may set
document.namespace_inheritance = true before reparenting nodes.
See https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method
for example usage.
Fix for XML::Builder
However, recognizing that we want Builder-created children to inherit
namespaces, Builder now will set namespace_inheritance=true on the underlying
document for both JRuby and CRuby. This means that, on CRuby, the pre-v1.12.0
behavior is restored.
Users who want to turn this behavior off may pass a keyword argument to the
Builder constructor like so:
Nokogiri::XML::Builder.new(namespace_inheritance: false)
See https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance
for example usage.
Downstream gem maintainers
Note that any downstream gems may want to specifically omit Nokogiri
v1.12.0--v1.12.3 from their dependency specification if they rely on child
namespace inheritance:
Gem::Specification.new do |gem|
  # ...
  gem.add_runtime_dependency 'nokogiri', '!=1.12.3', '!=1.12.2', '!=1.12.1', '!=1.12.0'
  # ...
end
Fixed
* [JRuby] Fix NPE in Schema parsing when an imported resource doesn't have a
systemId. [#2296] (Thanks, @pepijnve!)
|
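An added example (not part of the commit log or the Nokogiri project): a small Ruby audit that applies two version facts from the notes above to nokogiri entries in a Gemfile.lock, namely the JRuby-only CVE-2021-41098 range (v1.12.4 and earlier) and the downstream exclusion of v1.12.0 through v1.12.3. The lockfile text, the `audit_nokogiri` helper and the finding labels are constructed for illustration, and it assumes the `java` platform suffix in the lockfile identifies the JRuby gem.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Version ranges taken from the release notes above.
XXE_AFFECTED   = Gem::Requirement.new("<= 1.12.4") # CVE-2021-41098, JRuby only
DOWNSTREAM_PIN = Gem::Requirement.new("!=1.12.3", "!=1.12.2", "!=1.12.1", "!=1.12.0")

# A resolved spec line in Gemfile.lock: four spaces, name, "(version[-platform])".
# Dependency lines under another gem are indented six spaces and do not match.
LOCK_LINE = /^ {4}nokogiri \((\d+(?:\.\w+)*)(?:-([\w.-]+))?\)$/

# Hypothetical helper: returns one hash per resolved nokogiri entry.
def audit_nokogiri(lockfile_text)
  lockfile_text.each_line.each_with_object([]) do |line, results|
    m = LOCK_LINE.match(line.chomp)
    next unless m

    version  = Gem::Version.new(m[1])
    platform = m[2] || "ruby" # no suffix means the source ("ruby") gem
    findings = []
    # The SAX XXE default only existed in the JRuby implementation.
    findings << :cve_2021_41098 if platform == "java" && XXE_AFFECTED.satisfied_by?(version)
    # Versions the notes tell downstream gems to exclude.
    findings << :namespace_inheritance_pin unless DOWNSTREAM_PIN.satisfied_by?(version)
    results << { version: version.to_s, platform: platform, findings: findings }
  end
end

# Constructed sample: entries merged from several lockfiles for illustration.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.12.3-java)
      nokogiri (1.12.4-java)
      nokogiri (1.12.2-x86_64-linux)
      nokogiri (1.13.0-aarch64-linux)
        racc (~> 1.4)
      rails-dom-testing (2.0.3)
        nokogiri (>= 1.6)
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_nokogiri(SAMPLE_LOCK).each do |r|
    status = r[:findings].empty? ? "ok" : r[:findings].join(", ")
    puts format("nokogiri %-8s %-14s %s", r[:version], r[:platform], status)
  end
end
```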