release planning: v1.17.0

sparklemotion / nokogiri

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby.

https://nokogiri.org/

MIT License

6.16k stars 901 forks source link

release planning: v1.17.0 #3140

Open flavorjones opened 8 months ago

flavorjones commented 8 months ago

See milestone https://github.com/sparklemotion/nokogiri/milestone/31
punchlist
- [ ] acknowledge sponsors
- existing recurring sponsors
- new sponsors:
  - @velocity-labs via https://opencollective.com/velocity-labs
  - @captn3m0 via https://opencollective.com/nemo
  - @fnando
  - @mrhenry
  - @kwbauson
  - @niccokunzmann
  - @nandangpk
  - @zokioki
  - @orien
  - anonymous/private donor
  - @timhaynes
  - @keygen-sh
  - @avo-hq

skurni commented 7 months ago

Hi @flavorjones / team, zlib has released version 1.3.1 which contains a fix for CVE-2023-45853. See https://github.com/madler/zlib/issues/868. Is it possible to update the same in nokogiri? I see that it is pointing to 1.3 in dependencies.yml.

flavorjones commented 7 months ago

@skurni Thanks for asking. Can you please open a new issue for this? If it's a security issue then we shouldn't wait for the next minor. But I also don't know much about this issue or the release, so I'm not sure if it's a security issue. So let's have that conversation in a new issue, thanks!

skurni commented 7 months ago

Thanks @flavorjones, I've opened an issue here: https://github.com/sparklemotion/nokogiri/issues/3172