[CRuby] Vendored libxml2 is updated to v2.12.9, which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.
[CRuby] Vendored libxml2 is updated to v2.12.9, which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Updates the requirements on org-ruby, creole, rexml, activesupport, minitest, sanitize and nokogiri to permit the latest version. Updates
org-ruby
from 0.9.9 to 0.9.12Changelog
Sourced from org-ruby's changelog.
Commits
8f1d183
Update release documentbc60a87
Update test for issue #2745dea6b
Update output example (fixes #27)98b2313
remove duplicated keys1b308b9
remove duplicated keysfd57a6d
Merge branch 'release-0.9.10'e7e1b77
Bump version to 0.9.10c4a4aa5
Merge branch 'skip-rubypants-pass' into release-0.9.10bbab8e6
Add testf4b93ff
Make it possible to disable the call to RubypantsUpdates
creole
from 0.3.8 to 0.5.0Changelog
Sourced from creole's changelog.
Commits
4953481
version 0.5.02959d4d
add method make_headline6311a25
remove obsolete method6f5e830
parse stuff inside link096a687
use character equality4d404e3
initialize variables87149cf
add travis.ymlfeb867a
tilt template removede648090
0.4.175f253a
fixUpdates
rexml
from 3.3.6 to 3.3.9Release notes
Sourced from rexml's releases.
... (truncated)
Changelog
Sourced from rexml's changelog.
... (truncated)
Commits
38eaa86
Add 3.3.9 entryce59f2e
parser: fix a bug that �x...; is accepted as a character referencea09646d
test: fix indentcf0fb9c
FixIOSource#readline
for@pending_buffer
(#215)1d0c362
OptimizeIOSource#read_until
method (#210)622011f
Bump version036d508
test: avoid using needless non ASCII characters4197054
Add 3.3.8 entry78f8712
Fix handling with "xml:" prefixed namespace (#208)2e1cd64
Optimize SAX2Parser#get_namespace (#207)Updates
activesupport
from 7.1.3.4 to 7.1.4.2Release notes
Sourced from activesupport's releases.
... (truncated)
Commits
e52d670
Preparing for 7.1.4.2 release5b5f0da
Preparing for 7.1.4.1 release1f56fd6
Merge pull request #52962 from rails/rm-releser6f57590
Preparing for 7.1.4 release63fe89d
Sync changelog128b5b0
Merge pull request #52631 from zenspider/zenspider/minitest-cleanupdbc560d
Merge pull request #52609 from rails/rm-minitest5141c14
Fixdelegate_missing_to allow_nil: true
when called with implict selfa2a12fc
Fix a performance regression in attribute methodsaa418a0
Merge pull request #52099 from justinko/issue-52089Updates
minitest
from 5.23.1 to 5.25.1Changelog
Sourced from minitest's changelog.
Commits
6d83843
prepped for release0ccdc80
- Fix incompatibility caused by minitest-hooks & rails invading minitest inte...9e7c58d
- Revert change from =~ to match? to allow for nil if $TERM undefined.393e334
prepped for release8cd3b1c
+ Refactored siginfo handler to reduce runtime costs. Saved ~30%!bd96499
normalized all actual/expected var names for assert_equal tests4fe69b1
Accept colon style Hash#inspect in test. (tompng)296269c
- Improve description of test:slow task. (stomar)1156b6c
- Cleaning up ancient code checking for defined?(Encoding) and the like.2bd62c5
Minor fix to make deprecation tests pass when using rake testW0Updates
sanitize
from 6.1.1 to 6.1.3Release notes
Sourced from sanitize's releases.
Changelog
Sourced from sanitize's changelog.
Commits
b0ec1d6
Release 6.1.3caa94cb
Update history for 6.1.3c168413
Avoid repeating the list of CSS image functionsa5d93bb
Add protocol allowlisting for -webkit-image-set CSS functiona98ac98
Release 6.1.29148cb0
Update history for 6.1.24478fa5
Enforce protocol allowlisting forimage
andimage-set
CSS funcsUpdates
nokogiri
from 1.16.6 to 1.16.7Release notes
Sourced from nokogiri's releases.
Changelog
Sourced from nokogiri's changelog.
Commits
d8d6ba3
version bump to v1.16.776199bb
dep: update libxml2 to v2.12.9 (branch v1.16.x) (#3297)ca92e48
dep: update packaged libxml2 to v2.12.9Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show