Skip to content

chore(deps): bump nokogiri from 1.16.6 to 1.16.8#27

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/nokogiri-1.16.8
Closed

chore(deps): bump nokogiri from 1.16.6 to 1.16.8#27
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bundler/nokogiri-1.16.8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Dec 2, 2024

Copy link
Copy Markdown

Bumps nokogiri from 1.16.6 to 1.16.8.

Release notes

Sourced from nokogiri's releases.

v1.16.8 / 2024-12-02

Fixed

  • [CRuby] When serializing HTML5 documents, properly escape foreign content "style" elements. Normally, a "style" tag contains raw text that does not need entity-escaping, but when it appears in either SVG or MathML foreign content, the "style" tag is now correctly escaped when serialized. @​flavorjones

sha256 checksums:

b1d41cd9abf4180adef496cc8c9fcb5b2e38d39f5e23c8a2445362226a5df6b8  nokogiri-1.16.8-aarch64-linux.gem
b7aa4e8533a720e432d09b52a2ec089b55cf3ee66c916b44a0d9b6608df7bf8c  nokogiri-1.16.8-arm64-darwin.gem
8cbd2971624fc073b9430d86475da031903494dcb83c2339e13f7f22a4de6fad  nokogiri-1.16.8-arm-linux.gem
dece4bf9a663b2d6b6e874716297ad414c95be694656972d54049bd088f752a1  nokogiri-1.16.8.gem
8652028e72a38f2221c810550d03c91682b414e06f6271149139a9042cf727e6  nokogiri-1.16.8-java.gem
861e2d7f24b0c7f5ea2a26e6d99af7e727d7641f0eab27b9b6c51b8a0666c805  nokogiri-1.16.8-x64-mingw32.gem
23c9a8ae47afa2973cbca9e3d38c16f40ff336919f961802c4a3a5e39c767138  nokogiri-1.16.8-x64-mingw-ucrt.gem
6c40d7dc444f752634bf6ee8b53a55c3cfca3f9df52be46b8abcc559ccd49e47  nokogiri-1.16.8-x86_64-darwin.gem
ed7b1f80713ac968dd93fe2b96fc3df6e448b73bd02dd77d5fc89ba92a1ed6d9  nokogiri-1.16.8-x86_64-linux.gem
f97760e6320166d48234029bed9e999521a888376bd2b7e04f4c054537154f16  nokogiri-1.16.8-x86-linux.gem
ea48d7415b89f5dd3ff5a8f82bb2ec56fdc3431444381143fe90bb418eb9ea35  nokogiri-1.16.8-x86-mingw32.gem

v1.16.7 / 2024-07-27

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.12.9, which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.

sha256 checksums:

78778d35f165b59513be31c0fe232c63a82cf97626ffba695b5f822e5da1d74b  nokogiri-1.16.7-aarch64-linux.gem
c84cdb9e3aa44c35bbb981b20175838c4b2066c26c5cb118f31f177168a42fc3  nokogiri-1.16.7-arm-linux.gem
276dcea1b988a5b22b5acc1ba901d24b8e908c40b71dccd5d54a2ae279480dad  nokogiri-1.16.7-arm64-darwin.gem
044c45ca46abc2b6135a85ab39a546ff2f0434d43142bc59b83e5b1068876a42  nokogiri-1.16.7-java.gem
01ed785392f9cbdfd45e0e5ef6ad6d2c80a6128672589448f18952168bd68e56  nokogiri-1.16.7-x64-mingw-ucrt.gem
d8fd5c675743b85354c9098117bfa9e703c7cacab8c33e5190104ea8218ad1ec  nokogiri-1.16.7-x64-mingw32.gem
dddbf1c1ef99ce9fab98302b14f8bacb703e6f16e89b99f05ecee8a1fca23664  nokogiri-1.16.7-x86-linux.gem
b6517d995b024739cbb81251a26866d40e1ccb151936b5bb0977e7487f4e617c  nokogiri-1.16.7-x86-mingw32.gem
630732b80fc572690eab50c73a1f18988f3ac401ed0b67ca9956ba2b1e2c3faa  nokogiri-1.16.7-x86_64-darwin.gem
9e1e428641d5942af877c60b418c71163560e9feb4a5c4015f3230a8b86a40f6  nokogiri-1.16.7-x86_64-linux.gem
f819cbfdfb0a7b19c9c52c6f2ca63df0e58a6125f4f139707b586b9511d7fe95  nokogiri-1.16.7.gem
Changelog

Sourced from nokogiri's changelog.

v1.16.8 / 2024-12-02

Fixed

  • [CRuby] When serializing HTML5 documents, properly escape foreign content "style" elements. Normally, a "style" tag contains raw text that does not need entity-escaping, but when it appears in either SVG or MathML foreign content, the "style" tag is now correctly escaped when serialized. @​flavorjones

v1.16.7 / 2024-07-27

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.12.9, which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.
Commits
  • 7aaf1aa version bump to v1.16.8
  • 973ea98 fix: escape foreign style tag content when serializing HTML5 (v1.16.x) (#3349)
  • 573a087 doc: update CHANGELOG
  • 02572e8 fix: escape foreign style tag content when serializing HTML5
  • d8d6ba3 version bump to v1.16.7
  • 76199bb dep: update libxml2 to v2.12.9 (branch v1.16.x) (#3297)
  • ca92e48 dep: update packaged libxml2 to v2.12.9
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.6 to 1.16.8.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.16.6...v1.16.8)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Dec 2, 2024
@dependabot @github

dependabot Bot commented on behalf of github Dec 9, 2024

Copy link
Copy Markdown
Author

Superseded by #31.

@dependabot dependabot Bot closed this Dec 9, 2024
@dependabot dependabot Bot deleted the dependabot/bundler/nokogiri-1.16.8 branch December 9, 2024 22:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants