File: [cvs.NetBSD.org] / pkgsrc / textproc / ruby-nokogiri / Makefile (download)
Revision 1.71, Sat May 14 14:33:31 2022 UTC (23 months ago) by tsutsui
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.70: +3 -3 lines
ruby-nokogiri: update to 1.13.6.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5
1.13.6 / 2022-05-08
Security
* [CRuby] Address CVE-2022-29181, improper handling of unexpected data types,
related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for
more information.
Improvements
* {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
TypeError instead of segfaulting when an incorrect type is passed.
1.13.5 / 2022-05-04
Security
* [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See
GHSA-cgx6-hpwq-fhv5 for more information.
Dependencies
* [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.
Improvements
* [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when
recovering some broken markup related to start-of-tag and bare <
characters.
Changed
* [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken
markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and
incorrectly-opened comments will result in HTML text nodes starting with
&lt;! instead of skipping the invalid tag. This behavior is a direct result
of the quadratic-behavior fix noted above. The behavior of downstream
sanitizers relying on this behavior will also change. Some tests describing
the changed behavior are in test/html4/test_comments.rb.