forked from sparklemotion/nokogiri
[Snyk] Security upgrade ruby from 3.0 to 3.4.1 #6
Open: rexiliano89 wants to merge 322 commits into 1582-play-with-nonet-external-entity-loader from snyk-fix-2c75902889051daaddc5988adf3f63ef
…html5-meta-encoding-detection fix: html5 encoding detection case insensitive re: meta tag
…undler/rubocop-minitest-0.23.2 build(deps-dev): update rubocop-minitest requirement from 0.23.1 to 0.23.2
…t-crash Fix crash when calling fragment on annotation-xml elements
[skip ci]
Co-authored-by: Mike Dalessio <[email protected]>
…ruby-header-order fix: include ruby/defines.h early to avoid _GNU_SOURCE confusion
…-precision-warnings Fix loss of precision warnings
Duplicating an instantiated Node is significantly faster than re-parsing a string for multiple invocations. Note that we now also explicitly use the node's `parent` as the context node for parsing markup, if it exists. Closes sparklemotion#2657
…cepts-a-node feat: {Node,NodeSet}#wrap accept a Node argument
specify ldflags to resolve Nokogiri's symbols.
Also modify test-nokogumbo-compatibility to skip 2.0.4 on Windows because it's missing the LDFLAGS fix from sparklemotion#2167, sparklemotion#2202, and nokogumbo#163.
…update-html5lib-tests-2022-11-17 test: update html5lib-tests to latest
…ss-query feat: better exception message when a CSS selector is empty
…try-bash-on-windows-runners ci: run bash scripts on windows runners
Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.38.0...v1.39.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
Updates the requirements on [rubocop-performance](https://github.com/rubocop/rubocop-performance) to permit the latest version. - [Release notes](https://github.com/rubocop/rubocop-performance/releases) - [Changelog](https://github.com/rubocop/rubocop-performance/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop-performance@v1.15.0...v1.15.1) --- updated-dependencies: - dependency-name: rubocop-performance dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
…undler/rubocop-performance-1.15.1 build(deps-dev): update rubocop-performance requirement from 1.15.0 to 1.15.1
…undler/rubocop-1.39.0 build(deps-dev): update rubocop requirement from 1.38.0 to 1.39.0
As of upstream 2bea68a the version number should be representative in dev builds, let's just use that.
See https://gitlab.gnome.org/GNOME/libxml2/-/commit/76d6b0d768d4e60a2d2844d55def120257ab6c6e As of that commit, serialized attributes no longer escape double quotes.
…handle-upstream-libxml-2022-11-21 update tests to handle upstream libxml2
supporting classes: - XML::Attr - XML::Document - XML::DocumentFragment - XML::Namespace - XML::Node - XML::NodeSet and their subclasses. See sparklemotion#2360 for discussion and to provide feedback.
…ci-update-actions-checkout-20221123 ci: update to actions/checkout@v3
…sax-push-parser migrate SAX push parsers and parser contexts to TypedData API
- name was `registr` is now `rb_xslt_s_register` - improve the test coverage for XSLT custom functions - add complete usage to the docstrings for XSLT custom functions - remove the JRuby native stub for XSLT.register
which only started showing up after the TypedData conversion. I suspect this is probably a code path we weren't exercising before, and not something the C extension is doing.
…clean-up-xslt-custom-functions cleanup: update memcheck suppression with correct function name
[skip ci]
when there are blank text node objects. previously we raised an exception.
which it does by default when xsl:strip-space is used this approach makes a defensive copy of the doc if there's a chance the original may be modified in an unsafe way: - if any spaces will be stripped - and there are blank node objects that might be removed Fixes sparklemotion#2800
- fragment initialize doesn't call super (intentionally) - exclude test and scripts from Metrics/BlockNesting - exclude test from CollectionLiteralInLoop - the SAX doc start_element_namespace has a lot of optional args
…2800-xslt-modifying-doc better defensive behavior when libxml2 or libxslt will make unsafe modifications to a document
…gumbo-memcheck-errors fix gumbo memory leak, clean up memcheck suppressions, clean up rubocop todos
Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.46.0...v1.48.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
update config.guess and config.sub for libxml2 and libxslt from https://git.savannah.gnu.org/gitweb/?p=config.git;a=tree to fix build error for libxml2 and libxslt
…undler/rubocop-1.48.0 build(deps-dev): update rubocop requirement from 1.46.0 to 1.48.0
Updates the requirements on [rubocop-minitest](https://github.com/rubocop/rubocop-minitest) to permit the latest version. - [Release notes](https://github.com/rubocop/rubocop-minitest/releases) - [Changelog](https://github.com/rubocop/rubocop-minitest/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop-minitest@v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: rubocop-minitest dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
…undler/rubocop-minitest-0.29.0 build(deps-dev): update rubocop-minitest requirement from 0.28.0 to 0.29.0
Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.48.0...v1.48.1) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
…undler/rubocop-1.48.1 build(deps-dev): update rubocop requirement from 1.48.0 to 1.48.1
fix build error for nokogiri in loongarch64
[skip ci]
[skip ci]
…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-7855504 - https://snyk.io/vuln/SNYK-DEBIAN11-EXPAT-7855505 - https://snyk.io/vuln/SNYK-DEBIAN11-GIT-6846200 - https://snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316 - https://snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316
Snyk has created this PR to fix 4 vulnerabilities in the dockerfile dependencies of this project.
Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image.
Snyk changed the following file(s):
oci-images/nokogiri-test/mri-3.0.dockerfile
We recommend upgrading to `ruby:3.4.1`, as this image has only 162 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Vulnerabilities that will be fixed with an upgrade:
SNYK-DEBIAN11-EXPAT-7855504
SNYK-DEBIAN11-EXPAT-7855505
SNYK-DEBIAN11-GIT-6846200
SNYK-DEBIAN11-KRB5-7411316
SNYK-DEBIAN11-KRB5-7411316
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.