b51b0672e7
Upstream changes: https://github.com/sparklemotion/nokogiri/releases/tag/v1.14.4 https://github.com/sparklemotion/nokogiri/releases/tag/v1.14.3 1.14.4 / 2023-05-11 Dependencies * [JRuby] Vendored Xalan-J is updated to v2.7.3. This is the first Xalan release in nine years, and it was done to address CVE-2022-34169. The Nokogiri maintainers wish to stress that Nokogiri users were not vulnerable to this CVE, as we explained in GHSA-qwq9-89rg-ww72, and so upgrading is really at the discretion of users. This release was cut primarily so that JRuby users of v1.14.x can avoid vulnerability scanner alerts on earlier versions of Xalan-J. 1.14.3 / 2023-04-11 Security * [CRuby] Vendored libxml2 is updated to address CVE-2023-29469, CVE-2023-28484, and one other security-related issue. See GHSA-pxvg-2qj5-37jqGHSA-pxvg-2qj5-37jq for more information. Dependencies * [CRuby] Vendored libxml2 is updated to v2.10.4 from v2.10.3. |
||
---|---|---|
.. | ||
ALTERNATIVES | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST |