A Grasshopper plugin, a set of reference models, and a wiki that collectively explore the applications of computational design techniques in landscape architecture.
Bumps nokogiri from 1.8.4 to 1.8.5. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml).*
> **Nokogiri gem, via libxml2, is affected by multiple vulnerabilities**
> Nokogiri 1.8.5 has been released.
>
> This is a security and bugfix release. It addresses two CVEs in upstream
> libxml2 rated as "medium" by Red Hat, for which details are below.
>
> If you're using your distro's system libraries, rather than Nokogiri's
> vendored libraries, there's no security need to upgrade at this time,
> though you may want to check with your distro whether they've patched this
> (Canonical has patched Ubuntu packages). Note that these patches are not
> yet (as of 2018-10-04) in an upstream release of libxml2.
>
> Full details about the security update are available in Github Issue #1785.
> [#1785]: https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1785
>
> -----
>
> [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404
> and CVE-2018-14567. Full details are available in #1785. Note that these
> patches are not yet (as of 2018-10-04) in an upstream release of libxml2.
>
> ... (truncated)
>
> Patched versions: >= 1.8.5
> Unaffected versions: none
Changelog
*Sourced from [nokogiri's changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md).*
> # 1.8.5 / 2018-10-04
>
> ## Security Notes
>
> [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in [#1785](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1785). Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2.
>
>
> ## Bug fixes
>
> * [MRI] Fix regression in installation when building against system libraries, where some systems would not be able to find libxml2 or libxslt when present. (Regression introduced in v1.8.3.) [#1722]
> * [JRuby] Fix node reparenting when the destination doc is empty. [#1773]
Commits
- [`e28fa4b`](https://github.com/sparklemotion/nokogiri/commit/e28fa4bb2ed6844c3c63f58062d034e7b99fc90c) version bump to v1.8.5
- [`712edef`](https://github.com/sparklemotion/nokogiri/commit/712edef8a8c7fa593e09517891d336758af42cba) update changelog
- [`7feb4c1`](https://github.com/sparklemotion/nokogiri/commit/7feb4c167a9ae1ba4e87923597ba7e7b309b1713) Merge branch 'fix-1773'
- [`7cc6cf6`](https://github.com/sparklemotion/nokogiri/commit/7cc6cf6a74bd718b46182f0e646b63ff0a00f728) Organize imports in XmlNode.java.
- [`1697442`](https://github.com/sparklemotion/nokogiri/commit/169744261c5c023dff40de0811a826ad4d1fcc05) Allow reparenting nodes to be a child of an empty document.
- [`7b8cd0f`](https://github.com/sparklemotion/nokogiri/commit/7b8cd0f5b15a926e92c869b450dd6f71cdd17b61) Merge pull request [#1786](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1786) from sparklemotion/1785-canonical-usns
- [`5bff4bb`](https://github.com/sparklemotion/nokogiri/commit/5bff4bb3f1692069c617f4333b2ccc5570f0f414) pull in upstream libxml2 patches
- [`c232226`](https://github.com/sparklemotion/nokogiri/commit/c232226448a44bb81220d3750a6453a0aef88fb1) changelog
- [`862b88f`](https://github.com/sparklemotion/nokogiri/commit/862b88f39264b7b5e223a63e3d4d0eeade4db9ff) changelog
- [`b3750eb`](https://github.com/sparklemotion/nokogiri/commit/b3750eb71e101287aa0e7a231232222c7213b3f3) remove `-Wextra` CFLAG
- Additional commits viewable in [compare view](https://github.com/sparklemotion/nokogiri/compare/v1.8.4...v1.8.5)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
If all status checks pass Dependabot will automatically merge this pull request.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps nokogiri from 1.8.4 to 1.8.5. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml).* > **Nokogiri gem, via libxml2, is affected by multiple vulnerabilities** > Nokogiri 1.8.5 has been released. > > This is a security and bugfix release. It addresses two CVEs in upstream > libxml2 rated as "medium" by Red Hat, for which details are below. > > If you're using your distro's system libraries, rather than Nokogiri's > vendored libraries, there's no security need to upgrade at this time, > though you may want to check with your distro whether they've patched this > (Canonical has patched Ubuntu packages). Note that these patches are not > yet (as of 2018-10-04) in an upstream release of libxml2. > > Full details about the security update are available in Github Issue #1785. > [#1785]: https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1785 > > ----- > > [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 > and CVE-2018-14567. Full details are available in #1785. Note that these > patches are not yet (as of 2018-10-04) in an upstream release of libxml2. > > ... (truncated) > > Patched versions: >= 1.8.5 > Unaffected versions: noneChangelog
*Sourced from [nokogiri's changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md).* > # 1.8.5 / 2018-10-04 > > ## Security Notes > > [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in [#1785](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1785). Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. > > > ## Bug fixes > > * [MRI] Fix regression in installation when building against system libraries, where some systems would not be able to find libxml2 or libxslt when present. (Regression introduced in v1.8.3.) [#1722] > * [JRuby] Fix node reparenting when the destination doc is empty. [#1773]Commits
- [`e28fa4b`](https://github.com/sparklemotion/nokogiri/commit/e28fa4bb2ed6844c3c63f58062d034e7b99fc90c) version bump to v1.8.5 - [`712edef`](https://github.com/sparklemotion/nokogiri/commit/712edef8a8c7fa593e09517891d336758af42cba) update changelog - [`7feb4c1`](https://github.com/sparklemotion/nokogiri/commit/7feb4c167a9ae1ba4e87923597ba7e7b309b1713) Merge branch 'fix-1773' - [`7cc6cf6`](https://github.com/sparklemotion/nokogiri/commit/7cc6cf6a74bd718b46182f0e646b63ff0a00f728) Organize imports in XmlNode.java. - [`1697442`](https://github.com/sparklemotion/nokogiri/commit/169744261c5c023dff40de0811a826ad4d1fcc05) Allow reparenting nodes to be a child of an empty document. - [`7b8cd0f`](https://github.com/sparklemotion/nokogiri/commit/7b8cd0f5b15a926e92c869b450dd6f71cdd17b61) Merge pull request [#1786](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1786) from sparklemotion/1785-canonical-usns - [`5bff4bb`](https://github.com/sparklemotion/nokogiri/commit/5bff4bb3f1692069c617f4333b2ccc5570f0f414) pull in upstream libxml2 patches - [`c232226`](https://github.com/sparklemotion/nokogiri/commit/c232226448a44bb81220d3750a6453a0aef88fb1) changelog - [`862b88f`](https://github.com/sparklemotion/nokogiri/commit/862b88f39264b7b5e223a63e3d4d0eeade4db9ff) changelog - [`b3750eb`](https://github.com/sparklemotion/nokogiri/commit/b3750eb71e101287aa0e7a231232222c7213b3f3) remove `-Wextra` CFLAG - Additional commits viewable in [compare view](https://github.com/sparklemotion/nokogiri/compare/v1.8.4...v1.8.5)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.If all status checks pass Dependabot will automatically merge this pull request.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.