Release notes
*Sourced from [nokogiri's releases](https://github.com/sparklemotion/nokogiri/releases).*
> ## 1.10.7 / 2019-12-03
>
> ### Bug
>
> * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1954)
>
>
>
> ## 1.10.6 / 2019-12-03
>
> ### Bug
>
> * [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953)] (Thanks, [@nurse](https://github.com/nurse)!)
>
>
>
> ## 1.10.5 / 2019-10-31
>
> ### Dependencies
>
> * [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
> * [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
>
>
Changelog
*Sourced from [nokogiri's changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md).*
> ## 1.10.7 / 2019-12-03
>
> ### Bug
>
> * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1954)
>
>
> ## 1.10.6 / 2019-12-03
>
> ### Bug
>
> * [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953)] (Thanks, [@nurse](https://github.com/nurse)!)
>
>
> ## 1.10.5 / 2019-10-31
>
> ### Security
>
> [MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:
>
> * CVE-2019-13117
> * CVE-2019-13118
> * CVE-2019-18197
>
> More details are available at [#1943](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1943).
>
>
> ### Dependencies
>
> * [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
> * [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
Commits
- [`e6b3229`](https://github.com/sparklemotion/nokogiri/commit/e6b3229ec53ddf70f1d198bba0d3fc13fde842a8) version bump to v1.10.7
- [`4f9d443`](https://github.com/sparklemotion/nokogiri/commit/4f9d443c2fddc40eefec3366000861433aff6179) update CHANGELOG
- [`80e67ef`](https://github.com/sparklemotion/nokogiri/commit/80e67ef636ce0ddd55a4a7578d7bbdb186002560) Fix the patch from [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953) to work with both `git` and `patch`
- [`7cf1b85`](https://github.com/sparklemotion/nokogiri/commit/7cf1b85a5f8033252e55844ab2765e8f612d4d89) Fix typo in generated metadata
- [`d76180d`](https://github.com/sparklemotion/nokogiri/commit/d76180d0d26a7afb76d84e0de2550ac3bb6abb15) add gem metadata
- [`13132fc`](https://github.com/sparklemotion/nokogiri/commit/13132fcf9046acdc6cfac30e9da20d2724cb8a00) version bump to v1.10.6
- [`95e56fd`](https://github.com/sparklemotion/nokogiri/commit/95e56fd26c5d1867136800e50afc348d2c26790e) update CHANGELOG
- [`73c53ee`](https://github.com/sparklemotion/nokogiri/commit/73c53eee6cec953405135d6ddab5734706969288) Add a patch to fix libxml2.la's path
- [`061d75d`](https://github.com/sparklemotion/nokogiri/commit/061d75dfd462040bd075370e0b59dbc990873ecb) add security note to CHANGELOG
- [`1bc2ff9`](https://github.com/sparklemotion/nokogiri/commit/1bc2ff9f6218e1f814b18040e5bbb49b7b7bf60b) version bump to v1.10.5
- Additional commits viewable in [compare view](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.7)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/lojban/cll/network/alerts).
dependabot[bot]
commented
4 years ago
Bumps nokogiri from 1.10.4 to 1.10.7.
Release notes
*Sourced from [nokogiri's releases](https://github.com/sparklemotion/nokogiri/releases).* > ## 1.10.7 / 2019-12-03 > > ### Bug > > * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1954) > > > > ## 1.10.6 / 2019-12-03 > > ### Bug > > * [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953)] (Thanks, [@nurse](https://github.com/nurse)!) > > > > ## 1.10.5 / 2019-10-31 > > ### Dependencies > > * [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10 > * [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34 > >Changelog
*Sourced from [nokogiri's changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md).* > ## 1.10.7 / 2019-12-03 > > ### Bug > > * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1954) > > > ## 1.10.6 / 2019-12-03 > > ### Bug > > * [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953)] (Thanks, [@nurse](https://github.com/nurse)!) > > > ## 1.10.5 / 2019-10-31 > > ### Security > > [MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt: > > * CVE-2019-13117 > * CVE-2019-13118 > * CVE-2019-18197 > > More details are available at [#1943](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1943). > > > ### Dependencies > > * [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10 > * [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34Commits
- [`e6b3229`](https://github.com/sparklemotion/nokogiri/commit/e6b3229ec53ddf70f1d198bba0d3fc13fde842a8) version bump to v1.10.7 - [`4f9d443`](https://github.com/sparklemotion/nokogiri/commit/4f9d443c2fddc40eefec3366000861433aff6179) update CHANGELOG - [`80e67ef`](https://github.com/sparklemotion/nokogiri/commit/80e67ef636ce0ddd55a4a7578d7bbdb186002560) Fix the patch from [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953) to work with both `git` and `patch` - [`7cf1b85`](https://github.com/sparklemotion/nokogiri/commit/7cf1b85a5f8033252e55844ab2765e8f612d4d89) Fix typo in generated metadata - [`d76180d`](https://github.com/sparklemotion/nokogiri/commit/d76180d0d26a7afb76d84e0de2550ac3bb6abb15) add gem metadata - [`13132fc`](https://github.com/sparklemotion/nokogiri/commit/13132fcf9046acdc6cfac30e9da20d2724cb8a00) version bump to v1.10.6 - [`95e56fd`](https://github.com/sparklemotion/nokogiri/commit/95e56fd26c5d1867136800e50afc348d2c26790e) update CHANGELOG - [`73c53ee`](https://github.com/sparklemotion/nokogiri/commit/73c53eee6cec953405135d6ddab5734706969288) Add a patch to fix libxml2.la's path - [`061d75d`](https://github.com/sparklemotion/nokogiri/commit/061d75dfd462040bd075370e0b59dbc990873ecb) add security note to CHANGELOG - [`1bc2ff9`](https://github.com/sparklemotion/nokogiri/commit/1bc2ff9f6218e1f814b18040e5bbb49b7b7bf60b) version bump to v1.10.5 - Additional commits viewable in [compare view](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.7)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/lojban/cll/network/alerts).