Skip to content

Releases: sparklemotion/nokogiri

1.10.8 / 2020-02-10

10 Feb 19:45
6ce10d1
Compare
Choose a tag to compare

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

v1.11.0.rc1 / 2020-02-02

03 Feb 01:25
8ce75d1
Compare
Choose a tag to compare
Pre-release

v1.11.0.rc1 / 2020-02-02

To try out release candidates, use gem install --prerelease.

Notes

Experiment: Pre-Compiled Native Linux Gems

With the v1.11.0 release candidates, we are experimenting with shipping pre-compiled native Linux gems for the x86-linux and x86_64-linux platforms.

If this works properly for you, it will speed up installation time on Linux.

If this doesn't work for you, please drop us a note at #1983, we may reach out to you for more information on your distro and configuration.

Either way, we'd appreciate some feedback at #1983.

Dependencies

This release introduces support for:

  • Ruby 2.7, including the precompiled native binary gems for Windows.

This release ends support for:

Added

  • Add support for CSS queries "a:has(> b)", "a:has(~ b)", and "a:has(+ b)". [#688] (Thanks, @jonathanhefner!)
  • Add Node#value? to better match expected semantics of a Hash-like object. [#1838, #1840] (Thanks, @MatzFan!)
  • [MRI] Add Nokogiri::XML::Node#line= for use by downstream libs like nokogumbo. [#1918] (Thanks, @stevecheckoway!)

Improved

  • Add frozen_string_literal: true magic comment to all lib files. [#1745] (Thanks, @oniofchaos!)
  • Improve performance of some namespace operations. [#1916] (Thanks, @ashmaroli!)
  • Remove unnecessary array allocations from Node serialization methods [#1911] (Thanks, @ashmaroli!)
  • Avoid creation of unnecessary zero-length String objects. [#1970] (Thanks, @ashmaroli!)
  • [JRuby] Lots of code cleanup and performance improvements. [#1934] (Thanks, @kares!)

Fixed

  • [JRuby] Standardize reading from IO like objects, including StringIO. [#1888, #1897]
  • [JRuby] Change NodeSet#to_a to return a RubyArray instead of Object, for compilation under JRuby 9.2.9 and later. [#1968, #1969] (Thanks, @headius!)

Changed

VersionInfo and the output of nokogiri -v

This release changes the information provided in
Nokogiri::VersionInfo, see #1482 and #1974 for background. Note that
the output of nokogiri -v will also reflect these changes.

Nokogiri::VersionInfo will no longer contain the following keys (previously these were set only when vendored libraries were being used)

  • libxml/libxml2_path
  • libxml/libxslt_path

Nokogiri::VersionInfo now contains version metadata for libxslt:

  • libxslt/source (either "packaged" or "system", similar to libxml/source)
  • libxslt/compiled (the version of libxslt compiled at installation time, similar to libxml/compiled)
  • libxslt/loaded (the version of libxslt loaded at runtime, similar to libxml/loaded)
  • libxslt/patches moved from libxml/libxslt_patches

Nokogiri::VersionInfo key libxml/libxml2_patches has been renamed to libxml/patches

These C macros will no longer be defined:

  • NOKOGIRI_LIBXML2_PATH
  • NOKOGIRI_LIBXSLT_PATH

These global variables will no longer be defined:

  • NOKOGIRI_LIBXML2_PATH
  • NOKOGIRI_LIBXSLT_PATH

These constants have been renamed:

  • Nokogiri::LIBXML_VERSION is now Nokogiri::LIBXML_COMPILED_VERSION
  • Nokogiri::LIBXML_PARSER_VERSION is now Nokogiri::LIBXML_LOADED_VERSION

These methods have been renamed and the return type changed from String to Gem::Version:

  • VersionInfo#loaded_parser_version is now #loaded_libxml_version
  • VersionInfo#compiled_parser_version is now #compiled_libxml_version

Nokogiri.uses_libxml? now accepts an optional requirement string which is interpreted as a Gem::Requirement and tested against the loaded libxml2 version (the value in VersionInfo key libxml/loaded). This greatly simplifies much of the version-dependent branching logic in both the implementation and the tests.

To sum these changes up, the output from CRuby when using vendored libraries was something like:

# Nokogiri (1.10.7)
    ---
    warnings: []
    nokogiri: 1.10.7
    ruby:
      version: 2.7.0
      platform: x86_64-linux
      description: ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-linux]
      engine: ruby
    libxml:
      binding: extension
      source: packaged
      libxml2_path: "/home/flavorjones/.rvm/gems/ruby-2.7.0/gems/nokogiri-1.10.7/ports/x86_64-pc-linux-gnu/libxml2/2.9.10"
      libxslt_path: "/home/flavorjones/.rvm/gems/ruby-2.7.0/gems/nokogiri-1.10.7/ports/x86_64-pc-linux-gnu/libxslt/1.1.34"
      libxml2_patches:
      - 0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
      - 0002-Remove-script-macro-support.patch
      - 0003-Update-entities-to-remove-handling-of-ssi.patch
      - 0004-libxml2.la-is-in-top_builddir.patch
      libxslt_patches: []
      compiled: 2.9.10
      loaded: 2.9.10

but now looks like:

# Nokogiri (1.11.0)
    ---
    warnings: []
    nokogiri: 1.11.0
    ruby:
      version: 2.7.0
      platform: x86_64-linux
      description: ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-linux]
      engine: ruby
    libxml:
      source: packaged
      patches:
      - 0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
      - 0002-Remove-script-macro-support.patch
      - 0003-Update-entities-to-remove-handling-of-ssi.patch
      - 0004-libxml2.la-is-in-top_builddir.patch
      compiled: 2.9.10
      loaded: 2.9.10
    libxslt:
      source: packaged
      patches: []
      compiled: 1.1.34
      loaded: 1.1.34

and the output from using system libraries now looks like:

# Nokogiri (1.11.0)
    ---
    warnings: []
    nokogiri: 1.11.0
    ruby:
      version: 2.7.0
      platform: x86_64-linux
      description: ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-linux]
      engine: ruby
    libxml:
      source: system
      compiled: 2.9.4
      loaded: 2.9.4
    libxslt:
      source: system
      compiled: 1.1.29
      loaded: 1.1.29

1.10.7 / 2019-12-03

04 Dec 15:31
e6b3229
Compare
Choose a tag to compare

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]

1.10.6 / 2019-12-03

04 Dec 01:01
13132fc
Compare
Choose a tag to compare

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

31 Oct 19:28
1bc2ff9
Compare
Choose a tag to compare

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

11 Aug 19:28
beb832e
Compare
Choose a tag to compare

1.10.4 / 2019-08-11

Security

Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is #1915

1.10.3 / 2019-04-22

22 Apr 17:11
8e24af5
Compare
Choose a tag to compare

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

1.10.2 / 2019-03-24

25 Mar 13:03
93d1a80
Compare
Choose a tag to compare

1.10.2 / 2019-03-24

Security

  • [MRI] Remove support from vendored libxml2 for future script macros. [#1871]
  • [MRI] Remove support from vendored libxml2 for server-side includes within attributes. [#1877]

Bug fixes

  • [JRuby] Fix node ownership in duplicated documents. [#1060]
  • [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)

1.10.1 / 2019-01-13

13 Jan 06:29
320aadc
Compare
Choose a tag to compare

1.10.1 / 2019-01-13

Features

  • [MRI] During installation, handle Xcode 10's new library pathOS. [#1801, #1851] (Thanks, @mlj and @deepj!)
  • Avoid unnecessary creation of Procs in many methods. [#1776] (Thanks, @chopraanmol1!)

Bug fixes

  • CSS selector :has() now correctly matches against any descendant. Previously this selector matched against only direct children). [#350] (Thanks, @Phrogz!)
  • NodeSet#attr now returns nil if it's empty. Previously this raised a NoMethodError.
  • [MRI] XPath errors are no longer suppressed during XSLT::Stylesheet#transform. Previously these errors were suppressed which led to silent failures and a subsequent segfault. [#1802]

1.10.0 / 2019-01-04

04 Jan 15:35
4a448d1
Compare
Choose a tag to compare

1.10.0 / 2019-01-04

Features

  • [MRI] Cross-built Windows gems now support Ruby 2.6 [#1842, #1850]

Backwards incompatibilities

This release ends support for:

Dependencies

  • [MRI] libxml2 is updated from 2.9.8 to 2.9.9
  • [MRI] libxslt is updated from 1.1.32 to 1.1.33