Bump nokogiri from 1.5.0 to 1.11.4
Description
Bumps nokogiri from 1.5.0 to 1.11.4.
Release notes
Sourced from nokogiri's releases.
1.11.4 / 2021-05-14
Security
[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:
Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via xmllint is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).
Please see nokogiri/GHSA-7rrm-v45f-jp64 or #2233 for a more complete analysis of these CVEs and patches.
Dependencies
- [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)
1.11.3 / 2021-04-07
Fixed
- [CRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this likely segfaulted. [#1900]
- [JRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this raised a TypeError exception.
- [CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)
1.11.2 / 2021-03-11
Fixed
- [CRuby] NodeSet may now safely contain Node objects from multiple documents. Previously the GC lifecycle of the parent Document objects could lead to nodes being GCed while still in scope. [#1952]
- [CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA elements. (See upstream GNOME/libxml2#200 and GNOME/libxml2!100.) [#2132].
- [CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and link against nokogiri.so by including LDFLAGS in Nokogiri::VERSION_INFO. [#2167]
- [CRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was invoked twice on each object.
- [JRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was not called, which was a problem for subclassing such as done by Loofah.
Improved
- Reduce the number of object allocations needed when parsing an HTML::DocumentFragment. [#2087] (Thanks, @ashmaroli!)
- [JRuby] Update the algorithm used to calculate Node#line to be wrong less-often. The underlying parser, Xerces, does not track line numbers, and so we've always used a hacky solution for this method. [#1223, #2177]
- Introduce --enable-system-libraries and --disable-system-libraries flags to extconf.rb. These flags provide the same functionality as --use-system-libraries and the NOKOGIRI_USE_SYSTEM_LIBRARIES environment variable, but are more idiomatic. [#2193] (Thanks, @eregon!)
- [TruffleRuby] --disable-static is now the default on TruffleRuby when the packaged libraries are used. This is more flexible and compiles faster. (Note, though, that the default on TR is still to use system libraries.) [#2191, #2193] (Thanks, @eregon!)
... (truncated)
Changelog
Sourced from nokogiri's changelog.
1.11.4 / 2021-05-14
Security
[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:
Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via xmllint is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).
Please see nokogiri/GHSA-7rrm-v45f-jp64 or #2233 for a more complete analysis of these CVEs and patches.
Dependencies
- [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)
1.11.3 / 2021-04-07
Fixed
- [CRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this likely segfaulted. [#1900]
- [JRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this raised a TypeError exception.
- [CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)
1.11.2 / 2021-03-11
Fixed
- [CRuby] NodeSet may now safely contain Node objects from multiple documents. Previously the GC lifecycle of the parent Document objects could lead to nodes being GCed while still in scope. [#1952]
- [CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA elements. (See upstream GNOME/libxml2#200 and GNOME/libxml2!100.) [#2132].
- [CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and link against nokogiri.so by including LDFLAGS in Nokogiri::VERSION_INFO. [#2167]
- [CRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was invoked twice on each object.
- [JRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was not called, which was a problem for subclassing such as done by Loofah.
Improved
- Reduce the number of object allocations needed when parsing an HTML::DocumentFragment. [#2087] (Thanks, @ashmaroli!)
- [JRuby] Update the algorithm used to calculate Node#line to be wrong less-often. The underlying parser, Xerces, does not track line numbers, and so we've always used a hacky solution for this method. [#1223, #2177]
- Introduce --enable-system-libraries and --disable-system-libraries flags to extconf.rb. These flags provide the same functionality as --use-system-libraries and the NOKOGIRI_USE_SYSTEM_LIBRARIES environment variable, but are more idiomatic. [#2193] (Thanks, @eregon!)
- [TruffleRuby] --disable-static is now the default on TruffleRuby when the packaged libraries are used. This is more flexible and compiles faster. (Note, though, that the default on TR is still to use system libraries.) [#2191, #2193] (Thanks, @eregon!)
... (truncated)
Commits
- 9d69b44 version bump to v1.11.4
- 058e87f update CHANGELOG with complete CVE information
- 9285251 Merge pull request #2234/2233-upgrade-to-libxml-2-9-12
- 5436f61 update CHANGELOG
- 761d320 patch: recall libxml2 patches
- 889ee2a test: update behavior of namespaces in HTML
- 9751d85 test: xpath gc test for libxml2's max recursion depth
- 9fcb7d2 patch: backport libxslt configure.ac change for libxml2 config
- 1c99019 patch: restore isnan/isinf patch for libxml2.9.12
- 82a253f
compare view
Discussion #1
Superseded by #331.
Reference
For more on this issue (Bump nokogiri from 1.5.0 to 1.11.4), see https://github.com/engineyard/ey-docs/issues/330