search

neo4j / graph-data-science

Source code for the Neo4j Graph Data Science library of graph algorithms.
https://neo4j.com/docs/graph-data-science/current/
Other
597 stars 157 forks source link

Bump nokogiri from 1.13.0 to 1.13.2 in /doc #169

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps nokogiri from 1.13.0 to 1.13.2.

Release notes

Sourced from nokogiri's releases.

1.13.2 / 2022-02-21

Security

  • [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
  • [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.

Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

Dependencies

SHA256 checksums:

63469a9bb56a21c62fbaea58d15f54f8f167ff6fde51c5c2262072f939926fdd  nokogiri-1.13.2-aarch64-linux.gem
2986617f982f645c06f22515b721e6d2613dd69493e5c41ddd03c4830c3b3065  nokogiri-1.13.2-arm64-darwin.gem
aca1d66206740b29d0d586b1d049116adcb31e6cdd7c4dd3a96eb77da215a0c4  nokogiri-1.13.2-java.gem
b9e4eea1a200d9a927a5bc7d662c427e128779cba0098ea49ddbdb3ffc3ddaec  nokogiri-1.13.2-x64-mingw-ucrt.gem
48d5493fec495867c5516a908a068c1387a1d17c5aeca6a1c98c089d9d9fdcf8  nokogiri-1.13.2-x64-mingw32.gem
62034d7aaaa83fbfcb8876273cc5551489396841a66230d3200b67919ef76cf9  nokogiri-1.13.2-x86-linux.gem
e07237b82394017c2bfec73c637317ee7dbfb56e92546151666abec551e46d1d  nokogiri-1.13.2-x86-mingw32.gem
01937a6551d997aca32468da08ced0878ba4e1dfd0b51d953617185eefc57ffa  nokogiri-1.13.2-x86_64-darwin.gem
70112ae29939d4b5e1c8ba13e1f0d82ff43cd5564ce138f622fe6ebddc503654  nokogiri-1.13.2-x86_64-linux.gem
def6b330c53dcabe8b7d545cf9db4dfb45e9d39040b531eb81aee0c840fd66c2  nokogiri-1.13.2.gem

1.13.1 / 2022-01-13

Fixed

  • Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with #to_s. [#2418]
  • Fix HTML5 CSS selector query regression in v1.13.0 that raised an Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [#2419]

SHA265 checksums

9206569b36f0066f943f174a832b50e69551c2a81333b7a62d4073e97ea4c3c6  nokogiri-1.13.1-aarch64-linux.gem
39d73197506acd3748c84600e000bb44ccd930695a9fc8b489b1b4df37dd14f0  nokogiri-1.13.1-arm64-darwin.gem
1aaa315876e2049b4418c60794f1f55bdb04cc9583b9b664dbb3c52696695207  nokogiri-1.13.1-java.gem
37d97e5fdaae4a14cc7122598616ac484d71c271004fb6cce6684c6734f41552  nokogiri-1.13.1-x64-mingw-ucrt.gem
683b030957c747d35499f8d766cad51a31ae9456098225af62fab7b27fe20129  nokogiri-1.13.1-x64-mingw32.gem
690958426e3151ba0c22e8d88637dba5e0c636107f3def2ffc10e334d451e61f  nokogiri-1.13.1-x86-linux.gem
</tr></table>

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.13.2 / 2022-02-21

Security

  • [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
  • [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.

Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

Dependencies

1.13.1 / 2022-01-13

Fixed

  • Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with #to_s. [#2418]
  • Fix CSS selector query regression in v1.13.0 that raised an Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [#2419]
Commits
  • 49b8663 version bump to v1.13.2
  • 4729133 Merge pull request #2457 from sparklemotion/flavorjones-libxml-2.9.13-v1.13.x
  • 379f757 dev(package): work around gnome mirrors with expired certs
  • 95cf66c dep: upgrade libxml2 2.9.12 → 2.9.13
  • d37dd02 dep: upgrade libxslt 1.1.34 → 1.1.35
  • 59a9398 dep: upgrade mini_portile 2.7 to 2.8
  • e885463 dev(package): handle either .tar.gz or .tar.xz archive names
  • 7957c7b style: rubocop
  • 93d37f7 ci: Change Ruby setup to standard
  • 15d32f6 ci: skip html5lib-tests on v1.13.x branch
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/neo4j/graph-data-science/network/alerts).
dependabot[bot] commented 2 years ago

Looks like nokogiri is up-to-date now, so this is no longer needed.