Path to this page:
Subject: CVS commit: pkgsrc/textproc/ruby-nokogiri
From: Izumi Tsutsui
Date: 2022-04-16 16:28:18
Message id: 20220416142818.58282FB19@cvs.NetBSD.org
Log Message:
ruby-nokogiri: update to 1.13.4.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
1.13.4 / 2022-04-11
Security
* Address CVE-2022-24836, a regular expression denial-of-service
vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
* [CRuby] Vendored zlib is updated to address CVE-2018-25032. See
GHSA-v6gp-9mmm-c6p5 for more information.
* [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address
CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
* [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address
CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.
Dependencies
* [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See
LICENSE-DEPENDENCIES.md for details on which packages redistribute this
library.)
* [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to
2.12.2.
* [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of
1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://
github.com/sparklemotion/nekohtml
Files: