mirror of
https://github.com/facebook/rocksdb.git
synced 2024-11-25 22:44:05 +00:00
345f4c9462
Summary: Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.4 to 1.12.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.12.5 / 2021-09-27</h2> <h3>Security</h3> <p>[JRuby] Address CVE-2021-41098 (<a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h">GHSA-2rr5-8q37-2w7h</a>).</p> <p>In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.</p> <p>CRuby users are not affected by this CVE.</p> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Document#to_xhtml</code> properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., <code><br></br></code>) instead of a self-closing tag (e.g., <code><br/></code>) in previous Nokogiri versions. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2324">https://github.com/facebook/rocksdb/issues/2324</a>]</li> </ul> <hr /> <p>SHA256 checksums:</p> <pre><code>36bfa3a07aced069b3f3c9b39d9fb62cb0728d284d02b079404cd55780beaeff nokogiri-1.12.5-arm64-darwin.gem 16b1a9ddbb70a9c998462912a5972097cbc79c3e01eb373906886ef8a469f589 nokogiri-1.12.5-java.gem 218dcc6edd1b49cc6244b5f88afb978739bb2f3f166c271557fe5f51e4bc713c nokogiri-1.12.5-x64-mingw32.gem e33bb919d64c16d931a5f26dc880969e587d225cfa97e6b56e790fb52179f527 nokogiri-1.12.5-x86-linux.gem e13c2ed011b8346fbd589e96fe3542d763158bc2c7ad0f4f55f6d801afd1d9ff nokogiri-1.12.5-x86-mingw32.gem 1ed64f7db7c1414b87fce28029f2a10128611d2037e0871ba298d00f9a00edd6 nokogiri-1.12.5-x86_64-darwin.gem 0868c8d0a147904d4dedaaa05af5f06656f2d3c67e4432601718559bf69d6cea nokogiri-1.12.5-x86_64-linux.gem 2b20905942acc580697c8c496d0d1672ab617facb9d30d156b3c7676e67902ec nokogiri-1.12.5.gem </code></pre> <h2>1.12.4 / 2021-08-29</h2> <h3>Notable fix: Namespace inheritance</h3> <p>Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.</p> <p>This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.</p> <h4>Compensating Feature in XML::Document</h4> <p>This release of Nokogiri introduces a new <code>Document</code> boolean attribute, <code>namespace_inheritance</code>, which controls whether children should inherit a namespace when they are reparented. <code>Nokogiri::XML:Document</code> defaults this attribute to <code>false</code> meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.</p> <p>CRuby users who desire the pre-v1.12.0 behavior may set <code>document.namespace_inheritance = true</code> before reparenting nodes.</p> <p>See <a href="https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method">https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method</a> for example usage.</p> <h4>Fix for XML::Builder</h4> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.12.5 / 2021-09-27</h2> <h3>Security</h3> <p>[JRuby] Address CVE-2021-41098 (<a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h">GHSA-2rr5-8q37-2w7h</a>).</p> <p>In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.</p> <p>CRuby users are not affected by this CVE.</p> <h3>Fixed</h3> <ul> <li>[CRuby] <code>Document#to_xhtml</code> properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., <code><br></br></code>) instead of a self-closing tag (e.g., <code><br/></code>) in previous Nokogiri versions. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2324">https://github.com/facebook/rocksdb/issues/2324</a>]</li> </ul> <h2>1.12.4 / 2021-08-29</h2> <h3>Notable fix: Namespace inheritance</h3> <p>Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.</p> <p>This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.</p> <h4>Compensating Feature in XML::Document</h4> <p>This release of Nokogiri introduces a new <code>Document</code> boolean attribute, <code>namespace_inheritance</code>, which controls whether children should inherit a namespace when they are reparented. <code>Nokogiri::XML:Document</code> defaults this attribute to <code>false</code> meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.</p> <p>CRuby users who desire the pre-v1.12.0 behavior may set <code>document.namespace_inheritance = true</code> before reparenting nodes.</p> <p>See <a href="https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method">https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method</a> for example usage.</p> <h4>Fix for XML::Builder</h4> <p>However, recognizing that we want <code>Builder</code>-created children to inherit namespaces, Builder now will set <code>namespace_inheritance=true</code> on the underlying document for both JRuby and CRuby. This means that, on CRuby, the pre-v1.12.0 behavior is restored.</p> <p>Users who want to turn this behavior off may pass a keyword argument to the Builder constructor like so:</p> <pre lang="ruby"><code>Nokogiri::XML::Builder.new(namespace_inheritance: false) </code></pre> <p>See <a href="https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance">https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance</a> for example usage.</p> <h4>Downstream gem maintainers</h4> <p>Note that any downstream gems may want to specifically omit Nokogiri v1.12.0--v1.12.3 from their dependency specification if they rely on child namespace inheritance:</p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="47f6a461fd
"><code>47f6a46</code></a> version bump to v1.12.5</li> <li><a href="2a0ac88518
"><code>2a0ac88</code></a> update CHANGELOG</li> <li><a href="6b6063782c
"><code>6b60637</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2329">https://github.com/facebook/rocksdb/issues/2329</a> from sparklemotion/flavorjones-GHSA-2rr5-8q37-2w7h_1...</li> <li><a href="4bd943cae3
"><code>4bd943c</code></a> fix(jruby): SAX parser uses an entity resolver</li> <li><a href="f943ee4108
"><code>f943ee4</code></a> refactor(jruby): handle errors more consistently</li> <li><a href="2790122748
"><code>2790122</code></a> format: test files</li> <li><a href="01e1618f75
"><code>01e1618</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2327">https://github.com/facebook/rocksdb/issues/2327</a> from sparklemotion/2324-xhtml-self-closing-tags_v1.12.x</li> <li><a href="a0180c72c5
"><code>a0180c7</code></a> fix: HTML4::Document.to_xhtml self-closing tags</li> <li><a href="564ac17873
"><code>564ac17</code></a> release v1.12.4</li> <li><a href="4d5754baed
"><code>4d5754b</code></a> backport <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2320">https://github.com/facebook/rocksdb/issues/2320</a></li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.11.4...v1.12.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.11.4&new-version=1.12.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `dependabot rebase` will rebase this PR - `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `dependabot merge` will merge this PR after your CI passes on it - `dependabot squash and merge` will squash and merge this PR after your CI passes on it - `dependabot cancel merge` will cancel a previously requested merge and block automerging - `dependabot reopen` will reopen this PR if it is closed - `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/facebook/rocksdb/network/alerts). </details> Pull Request resolved: https://github.com/facebook/rocksdb/pull/8965 Reviewed By: akankshamahajan15 Differential Revision: D31217632 Pulled By: ltamasi fbshipit-source-id: c98c5a42f29eb45164a266edd91569737595ab2a
268 lines
7.2 KiB
Plaintext
268 lines
7.2 KiB
Plaintext
GEM
|
|
remote: https://rubygems.org/
|
|
specs:
|
|
activesupport (6.0.3.4)
|
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
i18n (>= 0.7, < 2)
|
|
minitest (~> 5.1)
|
|
tzinfo (~> 1.1)
|
|
zeitwerk (~> 2.2, >= 2.2.2)
|
|
addressable (2.8.0)
|
|
public_suffix (>= 2.0.2, < 5.0)
|
|
coffee-script (2.4.1)
|
|
coffee-script-source
|
|
execjs
|
|
coffee-script-source (1.11.1)
|
|
colorator (1.1.0)
|
|
commonmarker (0.17.13)
|
|
ruby-enum (~> 0.5)
|
|
concurrent-ruby (1.1.7)
|
|
dnsruby (1.61.5)
|
|
simpleidn (~> 0.1)
|
|
em-websocket (0.5.2)
|
|
eventmachine (>= 0.12.9)
|
|
http_parser.rb (~> 0.6.0)
|
|
ethon (0.12.0)
|
|
ffi (>= 1.3.0)
|
|
eventmachine (1.2.7)
|
|
execjs (2.7.0)
|
|
faraday (1.3.0)
|
|
faraday-net_http (~> 1.0)
|
|
multipart-post (>= 1.2, < 3)
|
|
ruby2_keywords
|
|
faraday-net_http (1.0.0)
|
|
ffi (1.14.2)
|
|
forwardable-extended (2.6.0)
|
|
gemoji (3.0.1)
|
|
github-pages (209)
|
|
github-pages-health-check (= 1.16.1)
|
|
jekyll (= 3.9.0)
|
|
jekyll-avatar (= 0.7.0)
|
|
jekyll-coffeescript (= 1.1.1)
|
|
jekyll-commonmark-ghpages (= 0.1.6)
|
|
jekyll-default-layout (= 0.1.4)
|
|
jekyll-feed (= 0.15.1)
|
|
jekyll-gist (= 1.5.0)
|
|
jekyll-github-metadata (= 2.13.0)
|
|
jekyll-mentions (= 1.6.0)
|
|
jekyll-optional-front-matter (= 0.3.2)
|
|
jekyll-paginate (= 1.1.0)
|
|
jekyll-readme-index (= 0.3.0)
|
|
jekyll-redirect-from (= 0.16.0)
|
|
jekyll-relative-links (= 0.6.1)
|
|
jekyll-remote-theme (= 0.4.2)
|
|
jekyll-sass-converter (= 1.5.2)
|
|
jekyll-seo-tag (= 2.6.1)
|
|
jekyll-sitemap (= 1.4.0)
|
|
jekyll-swiss (= 1.0.0)
|
|
jekyll-theme-architect (= 0.1.1)
|
|
jekyll-theme-cayman (= 0.1.1)
|
|
jekyll-theme-dinky (= 0.1.1)
|
|
jekyll-theme-hacker (= 0.1.2)
|
|
jekyll-theme-leap-day (= 0.1.1)
|
|
jekyll-theme-merlot (= 0.1.1)
|
|
jekyll-theme-midnight (= 0.1.1)
|
|
jekyll-theme-minimal (= 0.1.1)
|
|
jekyll-theme-modernist (= 0.1.1)
|
|
jekyll-theme-primer (= 0.5.4)
|
|
jekyll-theme-slate (= 0.1.1)
|
|
jekyll-theme-tactile (= 0.1.1)
|
|
jekyll-theme-time-machine (= 0.1.1)
|
|
jekyll-titles-from-headings (= 0.5.3)
|
|
jemoji (= 0.12.0)
|
|
kramdown (= 2.3.1)
|
|
kramdown-parser-gfm (= 1.1.0)
|
|
liquid (= 4.0.3)
|
|
mercenary (~> 0.3)
|
|
minima (= 2.5.1)
|
|
nokogiri (>= 1.10.4, < 2.0)
|
|
rouge (= 3.23.0)
|
|
terminal-table (~> 1.4)
|
|
github-pages-health-check (1.16.1)
|
|
addressable (~> 2.3)
|
|
dnsruby (~> 1.60)
|
|
octokit (~> 4.0)
|
|
public_suffix (~> 3.0)
|
|
typhoeus (~> 1.3)
|
|
html-pipeline (2.14.0)
|
|
activesupport (>= 2)
|
|
nokogiri (>= 1.4)
|
|
http_parser.rb (0.6.0)
|
|
i18n (0.9.5)
|
|
concurrent-ruby (~> 1.0)
|
|
jekyll (3.9.0)
|
|
addressable (~> 2.4)
|
|
colorator (~> 1.0)
|
|
em-websocket (~> 0.5)
|
|
i18n (~> 0.7)
|
|
jekyll-sass-converter (~> 1.0)
|
|
jekyll-watch (~> 2.0)
|
|
kramdown (>= 1.17, < 3)
|
|
liquid (~> 4.0)
|
|
mercenary (~> 0.3.3)
|
|
pathutil (~> 0.9)
|
|
rouge (>= 1.7, < 4)
|
|
safe_yaml (~> 1.0)
|
|
jekyll-avatar (0.7.0)
|
|
jekyll (>= 3.0, < 5.0)
|
|
jekyll-coffeescript (1.1.1)
|
|
coffee-script (~> 2.2)
|
|
coffee-script-source (~> 1.11.1)
|
|
jekyll-commonmark (1.3.1)
|
|
commonmarker (~> 0.14)
|
|
jekyll (>= 3.7, < 5.0)
|
|
jekyll-commonmark-ghpages (0.1.6)
|
|
commonmarker (~> 0.17.6)
|
|
jekyll-commonmark (~> 1.2)
|
|
rouge (>= 2.0, < 4.0)
|
|
jekyll-default-layout (0.1.4)
|
|
jekyll (~> 3.0)
|
|
jekyll-feed (0.15.1)
|
|
jekyll (>= 3.7, < 5.0)
|
|
jekyll-gist (1.5.0)
|
|
octokit (~> 4.2)
|
|
jekyll-github-metadata (2.13.0)
|
|
jekyll (>= 3.4, < 5.0)
|
|
octokit (~> 4.0, != 4.4.0)
|
|
jekyll-mentions (1.6.0)
|
|
html-pipeline (~> 2.3)
|
|
jekyll (>= 3.7, < 5.0)
|
|
jekyll-optional-front-matter (0.3.2)
|
|
jekyll (>= 3.0, < 5.0)
|
|
jekyll-paginate (1.1.0)
|
|
jekyll-readme-index (0.3.0)
|
|
jekyll (>= 3.0, < 5.0)
|
|
jekyll-redirect-from (0.16.0)
|
|
jekyll (>= 3.3, < 5.0)
|
|
jekyll-relative-links (0.6.1)
|
|
jekyll (>= 3.3, < 5.0)
|
|
jekyll-remote-theme (0.4.2)
|
|
addressable (~> 2.0)
|
|
jekyll (>= 3.5, < 5.0)
|
|
jekyll-sass-converter (>= 1.0, <= 3.0.0, != 2.0.0)
|
|
rubyzip (>= 1.3.0, < 3.0)
|
|
jekyll-sass-converter (1.5.2)
|
|
sass (~> 3.4)
|
|
jekyll-seo-tag (2.6.1)
|
|
jekyll (>= 3.3, < 5.0)
|
|
jekyll-sitemap (1.4.0)
|
|
jekyll (>= 3.7, < 5.0)
|
|
jekyll-swiss (1.0.0)
|
|
jekyll-theme-architect (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-cayman (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-dinky (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-hacker (0.1.2)
|
|
jekyll (> 3.5, < 5.0)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-leap-day (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-merlot (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-midnight (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-minimal (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-modernist (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-primer (0.5.4)
|
|
jekyll (> 3.5, < 5.0)
|
|
jekyll-github-metadata (~> 2.9)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-slate (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-tactile (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-theme-time-machine (0.1.1)
|
|
jekyll (~> 3.5)
|
|
jekyll-seo-tag (~> 2.0)
|
|
jekyll-titles-from-headings (0.5.3)
|
|
jekyll (>= 3.3, < 5.0)
|
|
jekyll-watch (2.2.1)
|
|
listen (~> 3.0)
|
|
jemoji (0.12.0)
|
|
gemoji (~> 3.0)
|
|
html-pipeline (~> 2.2)
|
|
jekyll (>= 3.0, < 5.0)
|
|
kramdown (2.3.1)
|
|
rexml
|
|
kramdown-parser-gfm (1.1.0)
|
|
kramdown (~> 2.0)
|
|
liquid (4.0.3)
|
|
listen (3.4.0)
|
|
rb-fsevent (~> 0.10, >= 0.10.3)
|
|
rb-inotify (~> 0.9, >= 0.9.10)
|
|
mercenary (0.3.6)
|
|
mini_portile2 (2.6.1)
|
|
minima (2.5.1)
|
|
jekyll (>= 3.5, < 5.0)
|
|
jekyll-feed (~> 0.9)
|
|
jekyll-seo-tag (~> 2.1)
|
|
minitest (5.14.3)
|
|
multipart-post (2.1.1)
|
|
nokogiri (1.12.5)
|
|
mini_portile2 (~> 2.6.1)
|
|
racc (~> 1.4)
|
|
octokit (4.20.0)
|
|
faraday (>= 0.9)
|
|
sawyer (~> 0.8.0, >= 0.5.3)
|
|
pathutil (0.16.2)
|
|
forwardable-extended (~> 2.6)
|
|
public_suffix (3.1.1)
|
|
racc (1.5.2)
|
|
rb-fsevent (0.10.4)
|
|
rb-inotify (0.10.1)
|
|
ffi (~> 1.0)
|
|
rexml (3.2.5)
|
|
rouge (3.23.0)
|
|
ruby-enum (0.8.0)
|
|
i18n
|
|
ruby2_keywords (0.0.2)
|
|
rubyzip (2.3.0)
|
|
safe_yaml (1.0.5)
|
|
sass (3.7.4)
|
|
sass-listen (~> 4.0.0)
|
|
sass-listen (4.0.0)
|
|
rb-fsevent (~> 0.9, >= 0.9.4)
|
|
rb-inotify (~> 0.9, >= 0.9.7)
|
|
sawyer (0.8.2)
|
|
addressable (>= 2.3.5)
|
|
faraday (> 0.8, < 2.0)
|
|
simpleidn (0.1.1)
|
|
unf (~> 0.1.4)
|
|
terminal-table (1.8.0)
|
|
unicode-display_width (~> 1.1, >= 1.1.1)
|
|
thread_safe (0.3.6)
|
|
typhoeus (1.4.0)
|
|
ethon (>= 0.9.0)
|
|
tzinfo (1.2.9)
|
|
thread_safe (~> 0.1)
|
|
unf (0.1.4)
|
|
unf_ext
|
|
unf_ext (0.0.7.7)
|
|
unicode-display_width (1.7.0)
|
|
webrick (1.7.0)
|
|
zeitwerk (2.4.2)
|
|
|
|
PLATFORMS
|
|
ruby
|
|
|
|
DEPENDENCIES
|
|
github-pages (~> 209)
|
|
webrick (~> 1.7)
|
|
|
|
BUNDLED WITH
|
|
2.2.3
|