search

Nexmo / station

Ruby gem to start a platform site with specified markdown content
Other
11 stars 6 forks source link

Bump nokogiri from 1.13.4 to 1.15.0 in /lib/nexmo_developer #1843

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps nokogiri from 1.13.4 to 1.15.0.

Release notes

Sourced from nokogiri's releases.

1.15.0 / 2023-05-15

Notes

Ability to opt into system malloc and free

Since 2009, Nokogiri has configured libxml2 to use ruby_xmalloc et al for memory management. This has provided benefits for memory management, but comes with a performance penalty.

Users can now opt into using system malloc for libxml2 memory management by setting an environment variable:

# "default" here means "libxml2's default" which is system malloc
NOKOGIRI_LIBXML_MEMORY_MANAGEMENT=default

Benchmarks show that this setting will significantly improve performance, but be aware that the tradeoff may involve poorer memory management including bloated heap sizes and/or OOM conditions.

You can read more about this in the decision record at https://github.com/sparklemotion/nokogiri/blob/HEAD/adr/2023-04-libxml-memory-management.md.

Dependencies

Added

Changed

  • [CRuby] Schema.from_document now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them. This prevents unsafe behavior in libxml2 from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this was addressed in v1.10.9 by raising an exception.

Fixed

  • [CRuby] XSLT.transform now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them and the template uses xsl:strip-spaces. This prevents unsafe behavior in libxslt from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this would allow unsafe memory access and potentially segfault. [#2800]

Improved

  • Nokogiri::XML::Node::SaveOptions#inspect now shows the names of the options set in the bitmask, similar to ParseOptions. [#2767]

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.15.0 / 2023-05-15

Notes

Ability to opt into system malloc and free

Since 2009, Nokogiri has configured libxml2 to use ruby_xmalloc et al for memory management. This has provided benefits for memory management, but comes with a performance penalty.

Users can now opt into using system malloc for libxml2 memory management by setting an environment variable:

# "default" here means "libxml2's default" which is system malloc
NOKOGIRI_LIBXML_MEMORY_MANAGEMENT=default

Benchmarks show that this setting will significantly improve performance, but be aware that the tradeoff may involve poorer memory management including bloated heap sizes and/or OOM conditions.

You can read more about this in the decision record at https://github.com/sparklemotion/nokogiri/blob/main/adr/2023-04-libxml-memory-management.md.

Dependencies

Added

Changed

  • [CRuby] Schema.from_document now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them. This prevents unsafe behavior in libxml2 from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this was addressed in v1.10.9 by raising an exception.

Fixed

  • [CRuby] XSLT.transform now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them and the template uses xsl:strip-spaces. This prevents unsafe behavior in libxslt from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this would allow unsafe memory access and potentially segfault. [#2800]

Improved

  • Nokogiri::XML::Node::SaveOptions#inspect now shows the names of the options set in the bitmask, similar to ParseOptions. [#2767]

... (truncated)

Commits
  • ebb9eca version bump to v1.15.0
  • 0bf048e doc: update changelog with libxslt version
  • 32c7543 Merge pull request #2866 from sparklemotion/flavorjones-upgrade-libxml2-2.11.0
  • 1987d80 doc: v1.14.4 release notes
  • 8dd3ddb Merge pull request #2873 from chadlwilson/xalan-273
  • cd79753 dep: update libxml2 to v2.11.3 from v2.11.2
  • 1081682 dep(xalan): ensure output property method is set
  • 73c3b1c test: updating tests to match xalan 2.7.3 behavior
  • 82e3ab5 Merge pull request #2874 from sparklemotion/dependabot/bundler/rubocop-minite...
  • 84edfa5 dep: update jar files for xalan
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Dependabot tried to add @fabianrbz as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/Nexmo/station/pulls/1843/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the Nexmo/station repository. // See: https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request
dependabot[bot] commented 1 year ago

Superseded by #1845.