Update nokogiri requirement from = 1.11.7 to = 1.14.4

[dependabot[bot]]

Updates the requirements on nokogiri to permit the latest version.

Release notes

Sourced from nokogiri's releases.

1.14.4 / 2023-05-11

Dependencies

• [JRuby] Vendored Xalan-J is updated to v2.7.3. This is the first Xalan release in nine years, and it was done to address CVE-2022-34169.

  The Nokogiri maintainers wish to stress that Nokogiri users were not vulnerable to this CVE, as we explained in GHSA-qwq9-89rg-ww72, and so upgrading is really at the discretion of users.

  This release was cut primarily so that JRuby users of v1.14.x can avoid vulnerability scanner alerts on earlier versions of Xalan-J.

---

sha256 checksums:

0fbca96bd832e0b12a2c4419b9a102329630d4e40a125cb85a0cae1585bc295d  nokogiri-1.14.4-aarch64-linux.gem
fe5b2c44c07b8042421634676c692d2780359c0df5d94daecb11493c028bcdf0  nokogiri-1.14.4-arm-linux.gem
44ded02aae759bada0161b7872116305f5e8b5dae924427290efd63e9adc2f3f  nokogiri-1.14.4-arm64-darwin.gem
d915a9b96d333c57d3a1bb72f05435ef311ecb19ae3b1c8c3f2263b67b519dde  nokogiri-1.14.4-java.gem
3ba597a50b6217e19a1bf1e5467022669ebad598951fa53314ed6e0ecbf41438  nokogiri-1.14.4-x64-mingw-ucrt.gem
2270ef8fc1f57fc0fa2391f82d460c0bf34b4d9e4a19a0ac81a2cb9bcffbaf2b  nokogiri-1.14.4-x64-mingw32.gem
bcccf4720d459be74f08e5b4c9704e67fbab8498cc36c686dcba69111996fb6b  nokogiri-1.14.4-x86-linux.gem
1a574a0a375dff5449af4168e432185ee77d0ad8368b60f6c4a2a699aff5c955  nokogiri-1.14.4-x86-mingw32.gem
c6400189fec268546d981a072828a44b8d4a1b2a32bee5026243c99af231b602  nokogiri-1.14.4-x86_64-darwin.gem
6d0e4e4f079fc03aa8b01cd8493acc1c34f7ae51fc0d58a04b6a0de73f8a53d8  nokogiri-1.14.4-x86_64-linux.gem
2bd1af41a980c51b8f073a3414213c8cf1c756a6e42984ad20a4a23f2e87e00d  nokogiri-1.14.4.gem

Changelog

Sourced from nokogiri's changelog.

1.14.4 / 2023-05-11

Dependencies

• [JRuby] Vendored Xalan-J is updated to v2.7.3. This is the first Xalan release in nine years, and it was done to address CVE-2022-34169.

  The Nokogiri maintainers wish to stress that Nokogiri users were not vulnerable to this CVE, as we explained in GHSA-qwq9-89rg-ww72, and so upgrading is really at the discretion of users.

  This release was cut primarily so that JRuby users of v1.14.x can avoid vulnerability scanner alerts on earlier versions of Xalan-J.

1.14.3 / 2023-04-11

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.10.4 from v2.10.3.

1.14.2 / 2023-02-13

Fixed

• Calling NodeSet#to_html on an empty node set no longer raises an encoding-related exception. This bug was introduced in v1.14.0 while fixing #2649. [#2784]

1.14.1 / 2023-01-30

Fixed

• Serializing documents now works again with pseudo-IO objects that don't support IO's encoding API (like rubyzip's Zip::OutputStream). This was a regression in v1.14.0 due to the fix for #752 in #2434, and was not completely fixed by #2753. [#2773]
• [CRuby] Address compiler warnings about void* casting and old-style C function definitions.

1.14.0 / 2023-01-12

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.2. (Also see "Technical note" under "Changed" below.)

This release ends support for:

• Ruby 2.6, for which upstream support ended 2022-04-12.
• JRuby 9.3, which is not fully compatible with Ruby 2.7+

... (truncated)

Commits

• 71a2269 version bump to v1.14.4
• de74596 Merge pull request #2875 from sparklemotion/xalan-273_v1.14.x
• 3e91f5b dep(xalan): ensure output property method is set
• a3af6d1 test: updating tests to match xalan 2.7.3 behavior
• e3daaf4 dep: update jar files for xalan
• 75cc586 dep: update xalan to 2.7.3
• e8d2f4a version bump to v1.14.3
• 59fbc7b doc: update CHANGELOG for v1.14.3
• 347eacb Merge pull request #2852 from sparklemotion/flavorjones-libxml2-2.10.4-backport
• 36b0b33 dep: update libxml2 to 2.10.4 from 2.10.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Dependabot tried to add @fabianrbz as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/Nexmo/station/pulls/1838/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the Nexmo/station repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request

[dependabot[bot]]

Superseded by #1840.