mirror of
https://github.com/matrix-org/dendrite
synced 2024-11-09 19:31:11 +01:00
11 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
dependabot[bot]
|
58bc289a37
|
Bump nokogiri from 1.14.3 to 1.16.2 in /docs (#3319)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.3 to 1.16.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d nokogiri-1.16.2-aarch64-linux.gem 6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57 nokogiri-1.16.2-arm-linux.gem c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8 nokogiri-1.16.2-arm64-darwin.gem 122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310 nokogiri-1.16.2-java.gem 7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074 nokogiri-1.16.2-x64-mingw-ucrt.gem a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd nokogiri-1.16.2-x64-mingw32.gem 833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323 nokogiri-1.16.2-x86-linux.gem e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53 nokogiri-1.16.2-x86-mingw32.gem 5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539 nokogiri-1.16.2-x86_64-darwin.gem 5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe nokogiri-1.16.2-x86_64-linux.gem 68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c nokogiri-1.16.2.gem </code></pre> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@stevecheckoway</code></a>)</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>a541f35e5b9798a0c97300f9ee18f4217da2a2945a6d5499e4123b9018f9cafc nokogiri-1.16.1-aarch64-linux.gem 6b82affd195000ab2f9c36cc08744ec2d2fcf6d8da88d59a2db67e83211f7c69 nokogiri-1.16.1-arm-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.16.2 / 2024-02-04</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j">GHSA-xc9x-jj77-9p9j</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5">v2.12.5</a> from v2.12.4. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h2>v1.16.1 / 2024-02-03</h2> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.4">v2.12.4</a> from v2.12.3. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>XML::Reader</code> defaults the encoding to UTF-8 if it's not specified in either the document or as a method parameter. Previously non-ASCII characters were serialized as NCRs in this case. <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2891">#2891</a> (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Restored support for compilation by GCC versions earlier than 4.6, which was broken in v1.15.0 (540e9aee). <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3090">#3090</a> (<a href="https://github.com/adfoster-r7"><code>@adfoster-r7</code></a>)</li> <li>[CRuby] Patched upstream libxml2 to allow parsing HTML5 in the context of a namespaced node (e.g., foreign content like MathML). [#3112, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3116">#3116</a>] (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</li> <li>[CRuby] Fixed a small memory leak in libgumbo (HTML5 parser) when the maximum tree depth limit is hit. [#3098, <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/3100">#3100</a>] (<a href="https://github.com/stevecheckoway"><code>@stevecheckoway</code></a>)</li> </ul> <h2>v1.16.0 / 2023-12-27</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.3.</p> <p>This release ends support for Ruby 2.7, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2023-03-31</a>.</p> <h4>Pattern matching</h4> <p>This version marks <em>official support</em> for the pattern matching API in <code>XML::Attr</code>, <code>XML::Document</code>, <code>XML::DocumentFragment</code>, <code>XML::Namespace</code>, <code>XML::Node</code>, and <code>XML::NodeSet</code> (and their subclasses), originally introduced as an experimental feature in v1.14.0. (<a href="https://github.com/flavorjones"><code>@flavorjones</code></a>)</p> <p>Documentation on what can be matched:</p> <ul> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Attr.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Attr#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Document.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Document#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Namespace.html?h=deconstruct+namespace#method-i-deconstruct_keys"><code>XML::Namespace#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/Node.html?h=deconstruct#method-i-deconstruct_keys"><code>XML::Node#deconstruct_keys</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/DocumentFragment.html?h=deconstruct#method-i-deconstruct"><code>XML::DocumentFragment#deconstruct</code></a></li> <li><a href="https://nokogiri.org/rdoc/Nokogiri/XML/NodeSet.html?h=deconstruct#method-i-deconstruct"><code>XML::NodeSet#deconstruct</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
43b1ddb89b
|
Bump commonmarker from 0.23.9 to 0.23.10 in /docs (#3172)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.9 to 0.23.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.10</h2> <h2>What's Changed</h2> <ul> <li>Update to 0.29.0.gfm.13 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/247">gjtorikian/commonmarker#247</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.9...v0.23.10">https://github.com/gjtorikian/commonmarker/compare/v0.23.9...v0.23.10</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/v0.23.10/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h2>[v0.23.10] (2023-07-31)</h2> <ul> <li>Update GFM release to <a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.12"><code>0.29.0.gfm.12</code></a> and <a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.13"><code>0.29.0.gfm.13</code></a>, thereby <a href="https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5">fixing a polynomial time complexity security vulnerability</a>.</li> <li>Of note to users of this library, GFM releases <code>0.29.0.gfm.12</code> and <code>0.29.0.gfm.13</code> also: <ul> <li>Normalized marker row vs. delimiter row nomenclature (<a href="https://redirect.github.com/github/cmark-gfm/pull/273">#273</a>)</li> <li>Exposed CMARK_NODE_FOOTNOTE_DEFINITION literal value (<a href="https://redirect.github.com/github/cmark-gfm/pull/336">#336</a>)</li> </ul> </li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.4">v0.23.4</a> (2022-03-03)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.2...v0.23.4">Full Changelog</a></p> <p><strong>Fixed bugs:</strong></p> <ul> <li><code>#render_html</code> way slower than <code>#render_doc.to_html</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/141">#141</a></li> </ul> <p><strong>Closed issues:</strong></p> <ul> <li>allow keeping text content of unknown tags <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/169">#169</a></li> <li>STRIKETHROUGH_DOUBLE_TILDE not working <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/168">#168</a></li> <li>Allow disabling 4-space code blocks <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/167">#167</a></li> <li>tables with escaped pipes are not recognized <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/166">#166</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>CI: Drop a duplicate 'bundle install' <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/173">#173</a> (<a href="https://github.com/olleolleolle">olleolleolle</a>)</li> <li>CI: Drop duplicate bundle install <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/172">#172</a> (<a href="https://github.com/olleolleolle">olleolleolle</a>)</li> <li>Fixup benchmark and speedup a little, fixes <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/141">#141</a> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/171">#171</a> (<a href="https://github.com/ojab">ojab</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.2">v0.23.2</a> (2021-09-17)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.1...v0.23.2">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Update GFM release to <code>0.29.0.gfm.2</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/148">#148</a> (<a href="https://github.com/phillmv">phillmv</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.1">v0.23.1</a> (2021-09-03)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.0...v0.23.1">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Incorrect processing of list and next block of code <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/146">#146</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Normalize parse and render options <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/145">#145</a> (<a href="https://github.com/phillmv">phillmv</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.0">v0.23.0</a> (2021-08-30)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
914e6145a5
|
Bump nokogiri from 1.13.10 to 1.14.3 in /docs (#3055)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.14.3 / 2023-04-11</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq">GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4">v2.10.4</a> from v2.10.3.</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>9cc53dd8d92868a0f5bcee44396357a19f95e32d8b9754092622a25bc954c60c nokogiri-1.14.3-aarch64-linux.gem 320fa1836b8e59e86a804baee534893bcf3b901cc255bbec6d87f3dd3e431610 nokogiri-1.14.3-arm-linux.gem 67dd4ac33a8cf0967c521fa57e5a5422db39da8a9d131aaa2cd53deaa12be4cd nokogiri-1.14.3-arm64-darwin.gem 13969ec7f41d9cff46fc7707224c55490a519feef7cfea727c6945c5b444caa2 nokogiri-1.14.3-java.gem 9885085249303461ee08f9a9b161d0a570391b8f5be0316b3ac5a6d9a947e1e2 nokogiri-1.14.3-x64-mingw-ucrt.gem 997943d7582a23ad6e7a0abe081d0d40d2c1319a6b2749f9b30fd18037f0c38a nokogiri-1.14.3-x64-mingw32.gem 58c30b763aebd62dc4222385509d7f83ac398ee520490fadc4b6d7877e29895a nokogiri-1.14.3-x86-linux.gem e1d58a5c56c34aab71b00901a969e19bf9f7322ee459b4e9380f433213887c04 nokogiri-1.14.3-x86-mingw32.gem f0a1ed1460a91fd2daf558357f4c0ceac6d994899da1bf98431aeda301e4dc74 nokogiri-1.14.3-x86_64-darwin.gem e323a7c654ef846e64582fb6e26f6fed869a96753f8e048ff723e74d8005cb11 nokogiri-1.14.3-x86_64-linux.gem 3b1cee0eb8879e9e25b6dd431be597ca68f20283b0d4f4ca986521fad107dc3a nokogiri-1.14.3.gem </code></pre> <h2>1.14.2 / 2023-02-13</h2> <h3>Fixed</h3> <ul> <li>Calling <code>NodeSet#to_html</code> on an empty node set no longer raises an encoding-related exception. This bug was introduced in v1.14.0 while fixing <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2649">#2649</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2784">#2784</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre lang="text"><code>966acf4f6c1fba10518f86498141cf44265564ac5a65dcc8496b65f8c354f776 nokogiri-1.14.2-aarch64-linux.gem 8a3a35cadae4a800ddc0b967394257343d62196d9d059b54e38cf067981db428 nokogiri-1.14.2-arm-linux.gem 81404cd014ecb597725c3847523c2ee365191a968d0b5f7d857e03f388c57631 nokogiri-1.14.2-arm64-darwin.gem 0a39222af14e75eb0243e8d969345e03b90c0e02b0f33c61f1ebb6ae53538bb5 nokogiri-1.14.2-java.gem 62a18f9213a0ceeaf563d1bc7ccfd93273323c4356ded58a5617c59bc4635bc5 nokogiri-1.14.2-x64-mingw-ucrt.gem 54f6ac2c15a7a88f431bb5e23f4616aa8fc97a92eb63336bcf65b7050f2d3be0 nokogiri-1.14.2-x64-mingw32.gem c42fa0856f01f901954898e28c3c2b4dce0e843056b1b126f441d06e887e1b77 nokogiri-1.14.2-x86-linux.gem f940d9c8e47b0f19875465376f2d1c8911bc9489ac9a48c124579819dc4a7f19 nokogiri-1.14.2-x86-mingw32.gem 2508978f5ca28944919973f6300f0a7355fbe72604ab6a6913f1630be1030265 nokogiri-1.14.2-x86_64-darwin.gem bc6405e1f3ddac6e401f82d775f1c0c24c6e58c371b3fadaca0596d5d511e476 nokogiri-1.14.2-x86_64-linux.gem </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.14.3 / 2023-04-11</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq">GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4">v2.10.4</a> from v2.10.3.</li> </ul> <h2>1.14.2 / 2023-02-13</h2> <h3>Fixed</h3> <ul> <li>Calling <code>NodeSet#to_html</code> on an empty node set no longer raises an encoding-related exception. This bug was introduced in v1.14.0 while fixing <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2649">#2649</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2784">#2784</a>]</li> </ul> <h2>1.14.1 / 2023-01-30</h2> <h3>Fixed</h3> <ul> <li>Serializing documents now works again with pseudo-IO objects that don't support IO's encoding API (like rubyzip's <code>Zip::OutputStream</code>). This was a regression in v1.14.0 due to the fix for <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/752">#752</a> in <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2434">#2434</a>, and was not completely fixed by <a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2753">#2753</a>. [<a href="https://redirect.github.com/sparklemotion/nokogiri/issues/2773">#2773</a>]</li> <li>[CRuby] Address compiler warnings about <code>void*</code> casting and old-style C function definitions.</li> </ul> <h2>1.14.0 / 2023-01-12</h2> <h3>Notable Changes</h3> <h4>Ruby</h4> <p>This release introduces native gem support for Ruby 3.2. (Also see "Technical note" under "Changed" below.)</p> <p>This release ends support for:</p> <ul> <li>Ruby 2.6, for which <a href="https://www.ruby-lang.org/en/downloads/branches/">upstream support ended 2022-04-12</a>.</li> <li>JRuby 9.3, which is not fully compatible with Ruby 2.7+</li> </ul> <h4>Faster, more reliable installation: Native Gem for <code>aarch64-linux</code> (aka <code>linux/arm64/v8</code>)</h4> <p>This version of Nokogiri ships <em>official</em> native gem support for the <code>aarch64-linux</code> platform, which should support AWS Graviton and other ARM64 Linux platforms. Please note that glibc >= 2.29 is required for aarch64-linux systems, see <a href="https://nokogiri.org/#supported-platforms">Supported Platforms</a> for more information.</p> <h4>Faster, more reliable installation: Native Gem for <code>arm-linux</code> (aka <code>linux/arm/v7</code>)</h4> <p>This version of Nokogiri ships <em>experimental</em> native gem support for the <code>arm-linux</code> platform. Please note that glibc >= 2.29 is required for arm-linux systems, see <a href="https://nokogiri.org/#supported-platforms">Supported Platforms</a> for more information.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
2d822356ff
|
Bump commonmarker from 0.23.7 to 0.23.9 in /docs (#3054)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.7 to 0.23.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.9</h2> <h2>What's Changed</h2> <ul> <li>Update to 0.29.0.gfm.11 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/236">gjtorikian/commonmarker#236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v0.23.9">https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v0.23.9</a></p> <h2>v0.23.8</h2> <h2>What's Changed</h2> <ul> <li>Update cmark-upstream to <code>0.29.0.gfm.9</code> by <a href="https://github.com/smockle"><code>@smockle</code></a> in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/227">gjtorikian/commonmarker#227</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/smockle"><code>@smockle</code></a> made their first contribution in <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/227">gjtorikian/commonmarker#227</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.8">https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v0.23.8</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre9">v1.0.0.pre9</a> (2023-03-28)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre8...v1.0.0.pre9">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Updates from upstream <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/235">#235</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump comrak from 0.16.0 to 0.17.1 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/234">#234</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.5.1 to 0.5.2 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/233">#233</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Add ability to load <code>tmtheme</code>s from a folder <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/232">#232</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump magnus from 0.5.0 to 0.5.1 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/231">#231</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.4 to 0.5.0 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/230">#230</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Test the new integrated rb-sys <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/228">#228</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre8">v1.0.0.pre8</a> (2023-03-09)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v1.0.0.pre8">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Something changed in how header anchors are named in the output HTML <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/229">#229</a></li> <li>Problem with CommonMarker on an Azure VM <a href="https://redirect.github.com/gjtorikian/commonmarker/issues/226">#226</a></li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v0.23.8">v0.23.8</a> (2023-01-31)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre7...v0.23.8">Full Changelog</a></p> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre7">v1.0.0.pre7</a> (2023-01-26)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.7...v1.0.0.pre7">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Bump comrak from 0.15.0 to 0.16.0 <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/225">#225</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Change <code>unsafe_</code> to <code>unsafe</code> <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/220">#220</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Clarify syntax highlighter plugin usage in README <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/218">#218</a> (<a href="https://github.com/DannyBen">DannyBen</a>)</li> <li>Fix a couple of misleading README points <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/215">#215</a> (<a href="https://github.com/DannyBen">DannyBen</a>)</li> <li>remove gemspec <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/214">#214</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Add shortcodes/emoji <a href="https://redirect.github.com/gjtorikian/commonmarker/pull/210">#210</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
9c826d064d
|
Bump activesupport from 6.0.5 to 6.0.6.1 in /docs (#2959)
Bumps [activesupport](https://github.com/rails/rails) from 6.0.5 to 6.0.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/rails/releases">activesupport's releases</a>.</em></p> <blockquote> <h2>v6.0.6.1</h2> <h2>Active Support</h2> <ul> <li>No changes.</li> </ul> <h2>Active Model</h2> <ul> <li>No changes.</li> </ul> <h2>Active Record</h2> <ul> <li> <p>Make <code>sanitize_as_sql_comment</code> more strict</p> <p>Though this method was likely never meant to take user input, it was attempting sanitization. That sanitization could be bypassed with carefully crafted input.</p> <p>This commit makes the sanitization more robust by replacing any occurrances of "/<em>" or "</em>/" with "/ <em>" or "</em> /". It also performs a first pass to remove one surrounding comment to avoid compatibility issues for users relying on the existing removal.</p> <p>This also clarifies in the documentation of annotate that it should not be provided user input.</p> <p>[CVE-2023-22794]</p> </li> </ul> <h2>Action View</h2> <ul> <li>No changes.</li> </ul> <h2>Action Pack</h2> <ul> <li>No changes.</li> </ul> <h2>Active Job</h2> <ul> <li>No changes.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
ace44458b2
|
Bump commonmarker from 0.23.6 to 0.23.7 in /docs (#2952)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.6 to 0.23.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.7</h2> <h2>What's Changed</h2> <ul> <li>C API stable test by <a href="https://github.com/gjtorikian"><code>@gjtorikian</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201">gjtorikian/commonmarker#201</a></li> <li>Update to 29.0.gfm.7 by <a href="https://github.com/anticomputer"><code>@anticomputer</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/224">gjtorikian/commonmarker#224</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7</a></p> <h2>v0.23.7.pre1</h2> <h2>What's Changed</h2> <ul> <li>C API stable test by <a href="https://github.com/gjtorikian"><code>@gjtorikian</code></a> in <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/201">gjtorikian/commonmarker#201</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1">https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre6">v1.0.0.pre6</a> (2023-01-09)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre5...v1.0.0.pre6">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Cargo.lock prevents Ruby 3.2.0 from installing commonmarker v1.0.0.pre4 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/211">#211</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>always use rb_sys (don't use Ruby's emerging cargo tooling where available) <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/213">#213</a> (<a href="https://github.com/kivikakk">kivikakk</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre5">v1.0.0.pre5</a> (2023-01-08)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre4...v1.0.0.pre5">Full Changelog</a></p> <p><strong>Merged pull requests:</strong></p> <ul> <li>Provide 3.2 build support <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/212">#212</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre4">v1.0.0.pre4</a> (2022-12-28)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre3...v1.0.0.pre4">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Will the cmark-gfm branch continue to be maintained for awhile? <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/207">#207</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Implement native syntax highlighting <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/209">#209</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> <li>Bump magnus from 0.4.3 to 0.4.4 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/208">#208</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.2 to 0.4.3 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/206">#206</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump comrak from 0.14.0 to 0.15.0 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/205">#205</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> <li>Bump magnus from 0.4.1 to 0.4.2 <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/204">#204</a> (<a href="https://github.com/apps/dependabot">dependabot[bot]</a>)</li> </ul> <h2><a href="https://github.com/gjtorikian/commonmarker/tree/v1.0.0.pre3">v1.0.0.pre3</a> (2022-11-30)</h2> <p><a href="https://github.com/gjtorikian/commonmarker/compare/v1.0.0.pre.2...v1.0.0.pre3">Full Changelog</a></p> <p><strong>Closed issues:</strong></p> <ul> <li>Code block incorrectly parsed in commonmarker 1.0.0.pre <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/issues/202">#202</a></li> </ul> <p><strong>Merged pull requests:</strong></p> <ul> <li>Windows build <a href="https://github-redirect.dependabot.com/gjtorikian/commonmarker/pull/197">#197</a> (<a href="https://github.com/gjtorikian">gjtorikian</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
8846de7312
|
Bump nokogiri from 1.13.9 to 1.13.10 in /docs (#2909)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.9 to 1.13.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.13.10 / 2022-12-07</h2> <h3>Security</h3> <ul> <li>[CRuby] Address CVE-2022-23476, unchecked return value from <code>xmlTextReaderExpand</code>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj">GHSA-qv4q-mr5r-qprj</a> for more information.</li> </ul> <h3>Improvements</h3> <ul> <li>[CRuby] <code>XML::Reader#attribute_hash</code> now returns <code>nil</code> on parse errors. This restores the behavior of <code>#attributes</code> from v1.13.7 and earlier. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2715">#2715</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>777ce2e80f64772e91459b943e531dfef387e768f2255f9bc7a1655f254bbaa1 nokogiri-1.13.10-aarch64-linux.gem b432ff47c51386e07f7e275374fe031c1349e37eaef2216759063bc5fa5624aa nokogiri-1.13.10-arm64-darwin.gem 73ac581ddcb680a912e92da928ffdbac7b36afd3368418f2cee861b96e8c830b nokogiri-1.13.10-java.gem 916aa17e624611dddbf2976ecce1b4a80633c6378f8465cff0efab022ebc2900 nokogiri-1.13.10-x64-mingw-ucrt.gem 0f85a1ad8c2b02c166a6637237133505b71a05f1bb41b91447005449769bced0 nokogiri-1.13.10-x64-mingw32.gem 91fa3a8724a1ce20fccbd718dafd9acbde099258183ac486992a61b00bb17020 nokogiri-1.13.10-x86-linux.gem d6663f5900ccd8f72d43660d7f082565b7ffcaade0b9a59a74b3ef8791034168 nokogiri-1.13.10-x86-mingw32.gem 81755fc4b8130ef9678c76a2e5af3db7a0a6664b3cba7d9fe8ef75e7d979e91b nokogiri-1.13.10-x86_64-darwin.gem 51d5246705dedad0a09b374d09cc193e7383a5dd32136a690a3cd56e95adf0a3 nokogiri-1.13.10-x86_64-linux.gem d3ee00f26c151763da1691c7fc6871ddd03e532f74f85101f5acedc2d099e958 nokogiri-1.13.10.gem </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.13.10 / 2022-12-07</h2> <h3>Security</h3> <ul> <li>[CRuby] Address CVE-2022-23476, unchecked return value from <code>xmlTextReaderExpand</code>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj">GHSA-qv4q-mr5r-qprj</a> for more information.</li> </ul> <h3>Improvements</h3> <ul> <li>[CRuby] <code>XML::Reader#attribute_hash</code> now returns <code>nil</code> on parse errors. This restores the behavior of <code>#attributes</code> from v1.13.7 and earlier. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2715">#2715</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
f3dae0e749
|
Bump nokogiri from 1.13.6 to 1.13.9 in /docs (#2809)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.6 to 1.13.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.13.9 / 2022-10-18</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2309">CVE-2022-2309</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">CVE-2022-40304</a>, and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">CVE-2022-40303</a>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw">GHSA-2qc6-mcvw-92cw</a> for more information.</li> <li>[CRuby] Vendored zlib is updated to address <a href="https://ubuntu.com/security/CVE-2022-37434">CVE-2022-37434</a>. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2626">#2626</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3">v2.10.3</a> from v2.9.14.</li> <li>[CRuby] Vendored libxslt is updated to <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.37">v1.1.37</a> from v1.1.35.</li> <li>[CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See <a href="https://github.com/sparklemotion/nokogiri/blob/v1.13.x/LICENSE-DEPENDENCIES.md#platform-releases">LICENSE-DEPENDENCIES.md</a> for details on which packages redistribute this library.)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Nokogiri::XML::Namespace</code> objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>] (Thanks, <a href="https://github.com/eightbitraptor"><code>@eightbitraptor</code></a> and <a href="https://github.com/peterzhu2118"><code>@peterzhu2118</code></a>!)</li> <li>[CRuby] <code>Document#remove_namespaces!</code> now defers freeing the underlying <code>xmlNs</code> struct until the <code>Document</code> is GCed. Previously, maintaining a reference to a <code>Namespace</code> object that was removed in this way could lead to a segfault. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>]</li> </ul> <hr /> <p>sha256 checksums:</p> <pre><code>9b69829561d30c4461ea803baeaf3460e8b145cff7a26ce397119577a4083a02 nokogiri-1.13.9-aarch64-linux.gem e76ebb4b7b2e02c72b2d1541289f8b0679fb5984867cf199d89b8ef485764956 nokogiri-1.13.9-arm64-darwin.gem 15bae7d08bddeaa898d8e3f558723300137c26a2dc2632a1f89c8574c4467165 nokogiri-1.13.9-java.gem f6a1dbc7229184357f3129503530af73cc59ceba4932c700a458a561edbe04b9 nokogiri-1.13.9-x64-mingw-ucrt.gem 36d935d799baa4dc488024f71881ff0bc8b172cecdfc54781169c40ec02cbdb3 nokogiri-1.13.9-x64-mingw32.gem ebaf82aa9a11b8fafb67873d19ee48efb565040f04c898cdce8ca0cd53ff1a12 nokogiri-1.13.9-x86-linux.gem 11789a2a11b28bc028ee111f23311461104d8c4468d5b901ab7536b282504154 nokogiri-1.13.9-x86-mingw32.gem 01830e1646803ff91c0fe94bc768ff40082c6de8cfa563dafd01b3f7d5f9d795 nokogiri-1.13.9-x86_64-darwin.gem 8e93b8adec22958013799c8690d81c2cdf8a90b6f6e8150ab22e11895844d781 nokogiri-1.13.9-x86_64-linux.gem 96f37c1baf0234d3ae54c2c89aef7220d4a8a1b03d2675ff7723565b0a095531 nokogiri-1.13.9.gem </code></pre> <h2>1.13.8 / 2022-07-23</h2> <h3>Deprecated</h3> <ul> <li><code>XML::Reader#attribute_nodes</code> is deprecated due to incompatibility between libxml2's <code>xmlReader</code> memory semantics and Ruby's garbage collector. Although this method continues to exist for backwards compatibility, it is unsafe to call and may segfault. This method will be removed in a future version of Nokogiri, and callers should use <code>#attribute_hash</code> instead. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2598">#2598</a>]</li> </ul> <h3>Improvements</h3> <ul> <li><code>XML::Reader#attribute_hash</code> is a new method to safely retrieve the attributes of a node from <code>XML::Reader</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2598">#2598</a>, <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2599">#2599</a>]</li> </ul> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.13.9 / 2022-10-18</h2> <h3>Security</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to address <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2309">CVE-2022-2309</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40304">CVE-2022-40304</a>, and <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40303">CVE-2022-40303</a>. See <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw">GHSA-2qc6-mcvw-92cw</a> for more information.</li> <li>[CRuby] Vendored zlib is updated to address <a href="https://ubuntu.com/security/CVE-2022-37434">CVE-2022-37434</a>. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2626">#2626</a> for more information.</li> </ul> <h3>Dependencies</h3> <ul> <li>[CRuby] Vendored libxml2 is updated to <a href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3">v2.10.3</a> from v2.9.14.</li> <li>[CRuby] Vendored libxslt is updated to <a href="https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.37">v1.1.37</a> from v1.1.35.</li> <li>[CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See <a href="https://github.com/sparklemotion/nokogiri/blob/v1.13.x/LICENSE-DEPENDENCIES.md#platform-releases">LICENSE-DEPENDENCIES.md</a> for details on which packages redistribute this library.)</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Nokogiri::XML::Namespace</code> objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>] (Thanks, <a href="https://github.com/eightbitraptor"><code>@eightbitraptor</code></a> and <a href="https://github.com/peterzhu2118"><code>@peterzhu2118</code></a>!)</li> <li>[CRuby] <code>Document#remove_namespaces!</code> now defers freeing the underlying <code>xmlNs</code> struct until the <code>Document</code> is GCed. Previously, maintaining a reference to a <code>Namespace</code> object that was removed in this way could lead to a segfault. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2658">#2658</a>]</li> </ul> <h2>1.13.8 / 2022-07-23</h2> <h3>Deprecated</h3> <ul> <li><code>XML::Reader#attribute_nodes</code> is deprecated due to incompatibility between libxml2's <code>xmlReader</code> memory semantics and Ruby's garbage collector. Although this method continues to exist for backwards compatibility, it is unsafe to call and may segfault. This method will be removed in a future version of Nokogiri, and callers should use <code>#attribute_hash</code> instead. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2598">#2598</a>]</li> </ul> <h3>Improvements</h3> <ul> <li><code>XML::Reader#attribute_hash</code> is a new method to safely retrieve the attributes of a node from <code>XML::Reader</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2598">#2598</a>, <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2599">#2599</a>]</li> </ul> <h3>Fixed</h3> <ul> <li>[CRuby] Calling <code>XML::Reader#attributes</code> is now safe to call. In Nokogiri <= 1.13.7 this method may segfault. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2598">#2598</a>, <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2599">#2599</a>]</li> </ul> <h2>1.13.7 / 2022-07-12</h2> <h3>Fixed</h3> <p><code>XML::Node</code> objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2578">#2578</a>] (Thanks, <a href="https://github.com/eightbitraptor"><code>@eightbitraptor</code></a>!)</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
61a34d7cfb
|
Bump commonmarker from 0.23.4 to 0.23.6 in /docs (#2731)
Bumps [commonmarker](https://github.com/gjtorikian/commonmarker) from 0.23.4 to 0.23.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/releases">commonmarker's releases</a>.</em></p> <blockquote> <h2>v0.23.6</h2> <h2>What's Changed</h2> <p>This release includes two updates from the upstream <code>cmark-gfm</code> library, namely:</p> <ul> <li><a href="https://github.com/github/cmark-gfm/releases">DoS vulnerability in autolink extension</a> per <a href="https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q">GHSA-cgh3-p57x-9q7q</a></li> <li><a href="https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.5">Added <code>xmpp:</code> and <code>mailto:</code> support to the autolink extension</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/gjtorikian/commonmarker/blob/main/CHANGELOG.md">commonmarker's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
a201b4400d
|
Bump tzinfo from 1.2.9 to 1.2.10 in /docs (#2584)
Bumps [tzinfo](https://github.com/tzinfo/tzinfo) from 1.2.9 to 1.2.10. - [Release notes](https://github.com/tzinfo/tzinfo/releases) - [Changelog](https://github.com/tzinfo/tzinfo/blob/master/CHANGES.md) - [Commits](https://github.com/tzinfo/tzinfo/compare/v1.2.9...v1.2.10) --- updated-dependencies: - dependency-name: tzinfo dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
Neil Alexander
|
19a9166eb0
|
New documentation: https://matrix-org.github.io/dendrite/ |