mcpa-stlouis / hack-the-arch

Welcome to HackTheArch! A free open source scoring server for cyber Capture the Flag competitions!
https://hackthearch.herokuapp.com
MIT License
66 stars 27 forks source link

Bump nokogiri from 1.13.1 to 1.13.2 #77

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps nokogiri from 1.13.1 to 1.13.2.

Release notes

Sourced from nokogiri's releases.

1.13.2 / 2022-02-21

Security

  • [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
  • [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.

Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

Dependencies


SHA256 checksums:

63469a9bb56a21c62fbaea58d15f54f8f167ff6fde51c5c2262072f939926fdd  nokogiri-1.13.2-aarch64-linux.gem
2986617f982f645c06f22515b721e6d2613dd69493e5c41ddd03c4830c3b3065  nokogiri-1.13.2-arm64-darwin.gem
aca1d66206740b29d0d586b1d049116adcb31e6cdd7c4dd3a96eb77da215a0c4  nokogiri-1.13.2-java.gem
b9e4eea1a200d9a927a5bc7d662c427e128779cba0098ea49ddbdb3ffc3ddaec  nokogiri-1.13.2-x64-mingw-ucrt.gem
48d5493fec495867c5516a908a068c1387a1d17c5aeca6a1c98c089d9d9fdcf8  nokogiri-1.13.2-x64-mingw32.gem
62034d7aaaa83fbfcb8876273cc5551489396841a66230d3200b67919ef76cf9  nokogiri-1.13.2-x86-linux.gem
e07237b82394017c2bfec73c637317ee7dbfb56e92546151666abec551e46d1d  nokogiri-1.13.2-x86-mingw32.gem
01937a6551d997aca32468da08ced0878ba4e1dfd0b51d953617185eefc57ffa  nokogiri-1.13.2-x86_64-darwin.gem
70112ae29939d4b5e1c8ba13e1f0d82ff43cd5564ce138f622fe6ebddc503654  nokogiri-1.13.2-x86_64-linux.gem
def6b330c53dcabe8b7d545cf9db4dfb45e9d39040b531eb81aee0c840fd66c2  nokogiri-1.13.2.gem
Changelog

Sourced from nokogiri's changelog.

1.13.2 / 2022-02-21

Security

  • [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
  • [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.

Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

Dependencies

Commits
  • 49b8663 version bump to v1.13.2
  • 4729133 Merge pull request #2457 from sparklemotion/flavorjones-libxml-2.9.13-v1.13.x
  • 379f757 dev(package): work around gnome mirrors with expired certs
  • 95cf66c dep: upgrade libxml2 2.9.12 → 2.9.13
  • d37dd02 dep: upgrade libxslt 1.1.34 → 1.1.35
  • 59a9398 dep: upgrade mini_portile 2.7 to 2.8
  • e885463 dev(package): handle either .tar.gz or .tar.xz archive names
  • 7957c7b style: rubocop
  • 93d37f7 ci: Change Ruby setup to standard
  • 15d32f6 ci: skip html5lib-tests on v1.13.x branch
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mcpa-stlouis/hack-the-arch/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #79.