Subject: CVS commit: pkgsrc/textproc/ruby-nokogiri
From: Izumi Tsutsui
Date: 2022-04-16 16:28:18
Message id: 20220416142818.58282FB19@cvs.NetBSD.org
Log Message:
ruby-nokogiri: update to 1.13.4.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4

1.13.4 / 2022-04-11

Security

  * Address CVE-2022-24836, a regular expression denial-of-service
    vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
  * [CRuby] Vendored zlib is updated to address CVE-2018-25032. See
    GHSA-v6gp-9mmm-c6p5 for more information.
  * [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address
    CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address
    CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.

Dependencies

  * [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See
    LICENSE-DEPENDENCIES.md for details on which packages redistribute this
    library.)
  * [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to
    2.12.2.
  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of
    1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://
    github.com/sparklemotion/nekohtml
Files:
RevisionActionfile
1.70modifypkgsrc/textproc/ruby-nokogiri/Makefile
1.50modifypkgsrc/textproc/ruby-nokogiri/distinfo