firehoseio / firehose

Build realtime Ruby web applications. Created by the fine folks at Poll Everywhere.
http://firehose.io/
MIT License
726 stars 72 forks source link

Bump nokogiri from 1.10.3 to 1.13.1 #95

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps nokogiri from 1.10.3 to 1.13.1.

Release notes

Sourced from nokogiri's releases.

1.13.1 / 2022-01-13

Fixed

  • Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with #to_s. [#2418]
  • Fix HTML5 CSS selector query regression in v1.13.0 that raised an Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [#2419]

SHA265 checksums

9206569b36f0066f943f174a832b50e69551c2a81333b7a62d4073e97ea4c3c6  nokogiri-1.13.1-aarch64-linux.gem
39d73197506acd3748c84600e000bb44ccd930695a9fc8b489b1b4df37dd14f0  nokogiri-1.13.1-arm64-darwin.gem
1aaa315876e2049b4418c60794f1f55bdb04cc9583b9b664dbb3c52696695207  nokogiri-1.13.1-java.gem
37d97e5fdaae4a14cc7122598616ac484d71c271004fb6cce6684c6734f41552  nokogiri-1.13.1-x64-mingw-ucrt.gem
683b030957c747d35499f8d766cad51a31ae9456098225af62fab7b27fe20129  nokogiri-1.13.1-x64-mingw32.gem
690958426e3151ba0c22e8d88637dba5e0c636107f3def2ffc10e334d451e61f  nokogiri-1.13.1-x86-linux.gem
30f94872729a1bbd41d6e2080bb0d48f4137a1323530263fd88299b41666ca06  nokogiri-1.13.1-x86-mingw32.gem
1fa3a5c9a460292ff03c7347185d2c394978c94fc96fd414bbfa8cef3eac7d72  nokogiri-1.13.1-x86_64-darwin.gem
843a379997c88a1b3d7524cd27b3ee652444f5371ff449af09929602fa26dfb5  nokogiri-1.13.1-x86_64-linux.gem
2138bb8e1bd5f11c2dc57a6a7ed93ddce35825dae7d25262658d89a222571fff  nokogiri-1.13.1.gem

1.13.0 / 2022-01-06

Notes

Ruby

This release introduces native gem support for Ruby 3.1. Please note that Windows users should use the x64-mingw-ucrt platform gem for Ruby 3.1, and x64-mingw32 for Ruby 2.6–3.0 (see RubyInstaller 3.1.0 release notes).

This release ends support for:

Faster, more reliable installation: Native Gem for ARM64 Linux

This version of Nokogiri ships experimental native gem support for the aarch64-linux platform, which should support AWS Graviton and other ARM Linux platforms. We don't yet have CI running for this platform, and so we're interested in hearing back from y'all whether this is working, and what problems you're seeing. Please send us feedback here: Feedback: Have you used the aarch64-linux native gem?

Publishing

This version of Nokogiri opts-in to the "MFA required to publish" setting on Rubygems.org. This and all future Nokogiri gem files must be published to Rubygems by an account with multi-factor authentication enabled. This should provide some additional protection against supply-chain attacks.

A related discussion about Trust exists at #2357 in which I invite you to participate if you have feelings or opinions on this topic.

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.13.1 / 2022-01-13

Fixed

  • Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with #to_s. [#2418]
  • Fix CSS selector query regression in v1.13.0 that raised an Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [#2419]

1.13.0 / 2022-01-06

Notes

Ruby

This release introduces native gem support for Ruby 3.1. Please note that Windows users should use the x64-mingw-ucrt platform gem for Ruby 3.1, and x64-mingw32 for Ruby 2.6–3.0 (see RubyInstaller 3.1.0 release notes).

This release ends support for:

Faster, more reliable installation: Native Gem for ARM64 Linux

This version of Nokogiri ships experimental native gem support for the aarch64-linux platform, which should support AWS Graviton and other ARM Linux platforms. We don't yet have CI running for this platform, and so we're interested in hearing back from y'all whether this is working, and what problems you're seeing. Please send us feedback here: Feedback: Have you used the aarch64-linux native gem?

Publishing

This version of Nokogiri opts-in to the "MFA required to publish" setting on Rubygems.org. This and all future Nokogiri gem files must be published to Rubygems by an account with multi-factor authentication enabled. This should provide some additional protection against supply-chain attacks.

A related discussion about Trust exists at #2357 in which I invite you to participate if you have feelings or opinions on this topic.

Dependencies

Improved

  • {XML,HTML4}::DocumentFragment constructors all now take an optional parse options parameter or block (similar to Document constructors). [#1692] (Thanks, @​JackMc!)
  • Nokogiri::CSS.xpath_for allows an XPathVisitor to be injected, for finer-grained control over how CSS queries are translated into XPath.
  • [CRuby] XML::Reader#encoding will return the encoding detected by the parser when it's not passed to the constructor. [#980]
  • [CRuby] Handle abruptly-closed HTML comments as recommended by WHATWG. (Thanks to tehryanx for reporting!)
  • [CRuby] Node#line is no longer capped at 65535. libxml v2.9.0 and later support a new parse option, exposed as Nokogiri::XML::ParseOptions::PARSE_BIG_LINES, which is turned on by default in ParseOptions::DEFAULT_{XML,XSLT,HTML,SCHEMA} (Note that JRuby already supported large line numbers.) [#1764, #1493, #1617, #1505, #1003, #533]
  • [CRuby] If a cycle is introduced when reparenting a node (i.e., the node becomes its own ancestor), a RuntimeError is raised. libxml2 does no checking for this, which means cycles would otherwise result in infinite loops on subsequent operations. (Note that JRuby already did this.) [#1912]
  • [CRuby] Source builds will download zlib and libiconv via HTTPS. ("ruby" platform gem only.) [#2391] (Thanks, @​jmartin-r7!)
  • [JRuby] Node#line behavior has been modified to return the line number of the node in the final DOM structure. This behavior is different from CRuby, which returns the node's position in the input string. Ideally the two implementations would be the same, but at least is now officially documented and tested. The real-world impact of this change is that the value returned in JRuby is greater by 1 to account for the XML prolog in the output. [#2380] (Thanks, @​dabdine!)

... (truncated)

Commits
  • f2fa791 version bump to v1.13.1
  • a770d97 Merge pull request #2423 from sparklemotion/backport-2419-css-at-attribute-sy...
  • fd252a2 doc: update CHANGELOG for #2419
  • 1b90388 doc: improve Searchable#css documentation
  • 1de42ce style: collapse whitespace in css/parser.y
  • 7e876a4 refactor: CSS parser AST uses :ATTRIB_NAME nodes consistently
  • f7786a3 refactor: extract xpath visitor html5 namespace handling logic
  • f0ed1e0 fix: regression with XPath attributes in CSS selectors
  • 461811a style: reformat parser.y
  • 1066475 test: wrap CSS integration tests in a describe
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/firehoseio/firehose/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #97.