Bump nokogiri from 1.10.10 to 1.11.1#2
Closed
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.10 to 1.11.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>v1.11.1 / 2021-01-06</h2> <h3>Fixed</h3> <ul> <li>[CRuby] If <code>libxml-ruby</code> is loaded before <code>nokogiri</code>, the SAX and Push parsers no longer call <code>libxml-ruby</code>'s handlers. Instead, they defensively override the libxml2 global handler before parsing. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2168">#2168</a>]</li> </ul> <h3>SHA-256 Checksums of published gems</h3> <pre><code>a41091292992cb99be1b53927e1de4abe5912742ded956b0ba3383ce4f29711c nokogiri-1.11.1-arm64-darwin.gem d44fccb8475394eb71f29dfa7bb3ac32ee50795972c4557ffe54122ce486479d nokogiri-1.11.1-java.gem f760285e3db732ee0d6e06370f89407f656d5181a55329271760e82658b4c3fc nokogiri-1.11.1-x64-mingw32.gem dd48343bc4628936d371ba7256c4f74513b6fa642e553ad7401ce0d9b8d26e1f nokogiri-1.11.1-x86-linux.gem 7f49138821d714fe2c5d040dda4af24199ae207960bf6aad4a61483f896bb046 nokogiri-1.11.1-x86-mingw32.gem 5c26111f7f26831508cc5234e273afd93f43fbbfd0dcae5394490038b88d28e7 nokogiri-1.11.1-x86_64-darwin.gem c3617c0680af1dd9fda5c0fd7d72a0da68b422c0c0b4cebcd7c45ff5082ea6d2 nokogiri-1.11.1-x86_64-linux.gem 42c2a54dd3ef03ef2543177bee3b5308313214e99f0d1aa85f984324329e5caa nokogiri-1.11.1.gem </code></pre> <h2>v1.11.0 / 2021-01-03</h2> <h3>Notes</h3> <h4>Faster, more reliable installation: Native Gems for Linux and OSX/Darwin</h4> <p>"Native gems" contain pre-compiled libraries for a specific machine architecture. On supported platforms, this removes the need for compiling the C extension and the packaged libraries. This results in <strong>much faster installation</strong> and <strong>more reliable installation</strong>, which as you probably know are the biggest headaches for Nokogiri users.</p> <p>We've been shipping native Windows gems since 2009, but starting in v1.11.0 we are also shipping native gems for these platforms:</p> <ul> <li>Linux: <code>x86-linux</code> and <code>x86_64-linux</code> -- including musl platforms like alpine</li> <li>OSX/Darwin: <code>x86_64-darwin</code> and <code>arm64-darwin</code></li> </ul> <p>We'd appreciate your thoughts and feedback on this work at <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2075">#2075</a>.</p> <h3>Dependencies</h3> <h4>Ruby</h4> <p>This release introduces support for Ruby 2.7 and 3.0 in the precompiled native gems.</p> <p>This release ends support for:</p> <ul> <li>Ruby 2.3, for which <a href="https://www.ruby-lang.org/en/news/2019/03/31/support-of-ruby-2-3-has-ended/">official support ended on 2019-03-31</a> [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1886">#1886</a>] (Thanks <a href="https://github.com/ashmaroli"><code>@ashmaroli</code></a>!)</li> <li>Ruby 2.4, for which <a href="https://www.ruby-lang.org/en/news/2020/04/05/support-of-ruby-2-4-has-ended/">official support ended on 2020-04-05</a></li> <li>JRuby 9.1, which is the Ruby 2.3-compatible release.</li> </ul> <h4>Gems</h4> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>v1.11.1 / 2021-01-06</h2> <h3>Fixed</h3> <ul> <li>[CRuby] If <code>libxml-ruby</code> is loaded before <code>nokogiri</code>, the SAX and Push parsers no longer call <code>libxml-ruby</code>'s handlers. Instead, they defensively override the libxml2 global handler before parsing. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2168">#2168</a>]</li> </ul> <h2>v1.11.0 / 2021-01-03</h2> <h3>Notes</h3> <h4>Faster, more reliable installation: Native Gems for Linux and OSX/Darwin</h4> <p>"Native gems" contain pre-compiled libraries for a specific machine architecture. On supported platforms, this removes the need for compiling the C extension and the packaged libraries. This results in <strong>much faster installation</strong> and <strong>more reliable installation</strong>, which as you probably know are the biggest headaches for Nokogiri users.</p> <p>We've been shipping native Windows gems since 2009, but starting in v1.11.0 we are also shipping native gems for these platforms:</p> <ul> <li>Linux: <code>x86-linux</code> and <code>x86_64-linux</code> -- including musl platforms like alpine</li> <li>OSX/Darwin: <code>x86_64-darwin</code> and <code>arm64-darwin</code></li> </ul> <p>We'd appreciate your thoughts and feedback on this work at <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2075">#2075</a>.</p> <h3>Dependencies</h3> <h4>Ruby</h4> <p>This release introduces support for Ruby 2.7 and 3.0 in the precompiled native gems.</p> <p>This release ends support for:</p> <ul> <li>Ruby 2.3, for which <a href="https://www.ruby-lang.org/en/news/2019/03/31/support-of-ruby-2-3-has-ended/">official support ended on 2019-03-31</a> [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1886">#1886</a>] (Thanks <a href="https://github.com/ashmaroli"><code>@ashmaroli</code></a>!)</li> <li>Ruby 2.4, for which <a href="https://www.ruby-lang.org/en/news/2020/04/05/support-of-ruby-2-4-has-ended/">official support ended on 2020-04-05</a></li> <li>JRuby 9.1, which is the Ruby 2.3-compatible release.</li> </ul> <h4>Gems</h4> <ul> <li>Explicitly add racc as a runtime dependency. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1988">#1988</a>] (Thanks, <a href="https://github.com/voxik"><code>@voxik</code></a>!)</li> <li>[MRI] Upgrade mini_portile2 dependency from <code>~> 2.4.0</code> to <code>~> 2.5.0</code> [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2005">#2005</a>] (Thanks, <a href="https://github.com/alejandroperea"><code>@alejandroperea</code></a>!)</li> </ul> <h3>Security</h3> <p>See note below about CVE-2020-26247 in the "Changed" subsection entitled "XML::Schema parsing treats input as untrusted by default".</p> <h3>Added</h3> <ul> <li>Add Node methods for manipulating "keyword attributes" (for example, <code>class</code> and <code>rel</code>): <code>#kwattr_values</code>, <code>#kwattr_add</code>, <code>#kwattr_append</code>, and <code>#kwattr_remove</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2000">#2000</a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/7be6f04aa2700e818f8a3bfe82801b5bd6e8c4f4"><code>7be6f04</code></a> version bump to v1.11.1</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/aa0c3991953c5955b0c2e778af961a2ca3225467"><code>aa0c399</code></a> dev: overhaul .gitignore</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/3d90c6d1bc871ad41c117efbd95c7d7b5a63344d"><code>3d90c6d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2169">#2169</a> from sparklemotion/2168-active-support-test-failure</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/bbf850c6297347461df92b1f208f4e8fc744e1c8"><code>bbf850c</code></a> changelog: update for <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2168">#2168</a></li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/ee697726dc35f2996d5f5cf6b8c8e0516a79eadf"><code>ee69772</code></a> ci: another valgrind suppression</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/f9a2c4e050f337e30f08ac32f19e1e10f229723a"><code>f9a2c4e</code></a> fix: restore proper error handling in the SAX push parser</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/35aa88b75e7d8436217471ef6ff58f814466b26e"><code>35aa88b</code></a> fix(cruby): reset libxml2's error handler in sax and push parsers</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/07459fd0e0db1d488748726d1f4accd9bac18646"><code>07459fd</code></a> fix(test): clobber libxml2's global error handler before every test</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/b682ac5afeabfc636edf282700f05fd5923fa396"><code>b682ac5</code></a> ci: ensure all tests are running <code>setup</code></li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/007662fc216902a5ae186cb78b0d46f7f48b8d92"><code>007662f</code></a> github: update "installation difficulty" issue template</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.10.10...v1.11.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/alxwrd/alxwrd.github.io/network/alerts). </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot[bot] and has received 0 comments.
Add a comment
Comment form would go here