Bump nokogiri from 1.10.8 to 1.11.1 (#1496)

mirror of https://github.com/Instagram/IGListKit synced 2026-05-23 09:18:29 +00:00
Summary:
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.8 to 1.11.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p>
<blockquote>
<h2>v1.11.1 / 2021-01-06</h2>
<h3>Fixed</h3>
<ul>
<li>[CRuby] If <code>libxml-ruby</code> is loaded before <code>nokogiri</code>, the SAX and Push parsers no longer call <code>libxml-ruby</code>'s handlers. Instead, they defensively override the libxml2 global handler before parsing. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2168">#2168</a>]</li>
</ul>
<h3>SHA-256 Checksums of published gems</h3>
<pre><code>a41091292992cb99be1b53927e1de4abe5912742ded956b0ba3383ce4f29711c  nokogiri-1.11.1-arm64-darwin.gem
d44fccb8475394eb71f29dfa7bb3ac32ee50795972c4557ffe54122ce486479d  nokogiri-1.11.1-java.gem
f760285e3db732ee0d6e06370f89407f656d5181a55329271760e82658b4c3fc  nokogiri-1.11.1-x64-mingw32.gem
dd48343bc4628936d371ba7256c4f74513b6fa642e553ad7401ce0d9b8d26e1f  nokogiri-1.11.1-x86-linux.gem
7f49138821d714fe2c5d040dda4af24199ae207960bf6aad4a61483f896bb046  nokogiri-1.11.1-x86-mingw32.gem
5c26111f7f26831508cc5234e273afd93f43fbbfd0dcae5394490038b88d28e7  nokogiri-1.11.1-x86_64-darwin.gem
c3617c0680af1dd9fda5c0fd7d72a0da68b422c0c0b4cebcd7c45ff5082ea6d2  nokogiri-1.11.1-x86_64-linux.gem
42c2a54dd3ef03ef2543177bee3b5308313214e99f0d1aa85f984324329e5caa  nokogiri-1.11.1.gem
</code></pre>
<h2>v1.11.0 / 2021-01-03</h2>
<h3>Notes</h3>
<h4>Faster, more reliable installation: Native Gems for Linux and OSX/Darwin</h4>
<p>&quot;Native gems&quot; contain pre-compiled libraries for a specific machine architecture. On supported platforms, this removes the need for compiling the C extension and the packaged libraries. This results in <strong>much faster installation</strong> and <strong>more reliable installation</strong>, which as you probably know are the biggest headaches for Nokogiri users.</p>
<p>We've been shipping native Windows gems since 2009, but starting in v1.11.0 we are also shipping native gems for these platforms:</p>
<ul>
<li>Linux: <code>x86-linux</code> and <code>x86_64-linux</code> -- including musl platforms like alpine</li>
<li>OSX/Darwin: <code>x86_64-darwin</code> and <code>arm64-darwin</code></li>
</ul>
<p>We'd appreciate your thoughts and feedback on this work at <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2075">#2075</a>.</p>
<h3>Dependencies</h3>
<h4>Ruby</h4>
<p>This release introduces support for Ruby 2.7 and 3.0 in the precompiled native gems.</p>
<p>This release ends support for:</p>
<ul>
<li>Ruby 2.3, for which <a href="https://www.ruby-lang.org/en/news/2019/03/31/support-of-ruby-2-3-has-ended/">official support ended on 2019-03-31</a> [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1886">#1886</a>] (Thanks <a href="https://github.com/ashmaroli"><code>ashmaroli</code></a>!)</li>
<li>Ruby 2.4, for which <a href="https://www.ruby-lang.org/en/news/2020/04/05/support-of-ruby-2-4-has-ended/">official support ended on 2020-04-05</a></li>
<li>JRuby 9.1, which is the Ruby 2.3-compatible release.</li>
</ul>
<h4>Gems</h4>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p>
<blockquote>
<h2>v1.11.1 / 2021-01-06</h2>
<h3>Fixed</h3>
<ul>
<li>[CRuby] If <code>libxml-ruby</code> is loaded before <code>nokogiri</code>, the SAX and Push parsers no longer call <code>libxml-ruby</code>'s handlers. Instead, they defensively override the libxml2 global handler before parsing. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2168">#2168</a>]</li>
</ul>
<h2>v1.11.0 / 2021-01-03</h2>
<h3>Notes</h3>
<h4>Faster, more reliable installation: Native Gems for Linux and OSX/Darwin</h4>
<p>&quot;Native gems&quot; contain pre-compiled libraries for a specific machine architecture. On supported platforms, this removes the need for compiling the C extension and the packaged libraries. This results in <strong>much faster installation</strong> and <strong>more reliable installation</strong>, which as you probably know are the biggest headaches for Nokogiri users.</p>
<p>We've been shipping native Windows gems since 2009, but starting in v1.11.0 we are also shipping native gems for these platforms:</p>
<ul>
<li>Linux: <code>x86-linux</code> and <code>x86_64-linux</code> -- including musl platforms like alpine</li>
<li>OSX/Darwin: <code>x86_64-darwin</code> and <code>arm64-darwin</code></li>
</ul>
<p>We'd appreciate your thoughts and feedback on this work at <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2075">#2075</a>.</p>
<h3>Dependencies</h3>
<h4>Ruby</h4>
<p>This release introduces support for Ruby 2.7 and 3.0 in the precompiled native gems.</p>
<p>This release ends support for:</p>
<ul>
<li>Ruby 2.3, for which <a href="https://www.ruby-lang.org/en/news/2019/03/31/support-of-ruby-2-3-has-ended/">official support ended on 2019-03-31</a> [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1886">#1886</a>] (Thanks <a href="https://github.com/ashmaroli"><code>ashmaroli</code></a>!)</li>
<li>Ruby 2.4, for which <a href="https://www.ruby-lang.org/en/news/2020/04/05/support-of-ruby-2-4-has-ended/">official support ended on 2020-04-05</a></li>
<li>JRuby 9.1, which is the Ruby 2.3-compatible release.</li>
</ul>
<h4>Gems</h4>
<ul>
<li>Explicitly add racc as a runtime dependency. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1988">#1988</a>] (Thanks, <a href="https://github.com/voxik"><code>voxik</code></a>!)</li>
<li>[MRI] Upgrade mini_portile2 dependency from <code>~&gt; 2.4.0</code> to <code>~&gt; 2.5.0</code> [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2005">#2005</a>] (Thanks, <a href="https://github.com/alejandroperea"><code>alejandroperea</code></a>!)</li>
</ul>
<h3>Security</h3>
<p>See note below about CVE-2020-26247 in the &quot;Changed&quot; subsection entitled &quot;XML::Schema parsing treats input as untrusted by default&quot;.</p>
<h3>Added</h3>
<ul>
<li>Add Node methods for manipulating &quot;keyword attributes&quot; (for example, <code>class</code> and <code>rel</code>): <code>#kwattr_values</code>, <code>#kwattr_add</code>, <code>#kwattr_append</code>, and <code>#kwattr_remove</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2000">#2000</a>]</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="7be6f04aa2"><code>7be6f04</code></a> version bump to v1.11.1</li>
<li><a href="aa0c399195"><code>aa0c399</code></a> dev: overhaul .gitignore</li>
<li><a href="3d90c6d1bc"><code>3d90c6d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2169">#2169</a> from sparklemotion/2168-active-support-test-failure</li>
<li><a href="bbf850c629"><code>bbf850c</code></a> changelog: update for <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2168">#2168</a></li>
<li><a href="ee697726dc"><code>ee69772</code></a> ci: another valgrind suppression</li>
<li><a href="f9a2c4e050"><code>f9a2c4e</code></a> fix: restore proper error handling in the SAX push parser</li>
<li><a href="35aa88b75e"><code>35aa88b</code></a> fix(cruby): reset libxml2's error handler in sax and push parsers</li>
<li><a href="07459fd0e0"><code>07459fd</code></a> fix(test): clobber libxml2's global error handler before every test</li>
<li><a href="b682ac5afe"><code>b682ac5</code></a> ci: ensure all tests are running <code>setup</code></li>
<li><a href="007662fc21"><code>007662f</code></a> github: update &quot;installation difficulty&quot; issue template</li>
<li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.10.8...v1.11.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.10.8&new-version=1.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

 ---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Instagram/IGListKit/network/alerts).

</details>

Pull Request resolved: https://github.com/Instagram/IGListKit/pull/1496

Reviewed By: lorixx

Differential Revision: D26201659

Pulled By: iperry90

fbshipit-source-id: 6e7bc3c0b97119a54e0fa3de806793d4286999e7
This commit is contained in:
dependabot[bot]
2021-02-02 13:17:14 -08:00
committed by
Facebook GitHub Bot
parent bb962cb3d3
commit 493f640e4f
1 changed files with 5 additions and 3 deletions
8

Gemfile.lock

View file

 @ -88,7 +88,7 @@ GEM
       concurrent-ruby (~> 1.0)
     json (2.3.1)
     kramdown (1.17.0)
     mini_portile2 (2.4.0)
     mini_portile2 (2.5.0)
     minitest (5.13.0)
     molinillo (0.6.6)
     multipart-post (2.1.1)
 @ -96,12 +96,14 @@ GEM
     nap (1.1.0)
     netrc (0.11.0)
     no_proxy_fix (0.1.2)
     nokogiri (1.10.8)
       mini_portile2 (~> 2.4.0)
     nokogiri (1.11.1)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
     octokit (4.14.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     open4 (1.3.4)
     public_suffix (4.0.1)
     racc (1.5.2)
     rake (13.0.1)
     rouge (2.0.7)
     ruby-macho (1.4.0)
Bump nokogiri from 1.10.8 to 1.11.1 (#1496)

8 Gemfile.lock Unescape Escape View file

8

Gemfile.lock

View file
