Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump nokogiri from 1.16.3 to 1.16.5 #168

Closed
wants to merge 1,451 commits into from
Closed

Bump nokogiri from 1.16.3 to 1.16.5 #168

wants to merge 1,451 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 13, 2024

Bumps nokogiri from 1.16.3 to 1.16.5.

Release notes

Sourced from nokogiri's releases.

v1.16.5 / 2024-05-13

Security

Dependencies

sha256 checksums:

af0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874  nokogiri-1.16.5-aarch64-linux.gem
23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec  nokogiri-1.16.5-arm-linux.gem
950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214  nokogiri-1.16.5-arm64-darwin.gem
b7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989  nokogiri-1.16.5-java.gem
ec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e  nokogiri-1.16.5-x64-mingw-ucrt.gem
6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107  nokogiri-1.16.5-x64-mingw32.gem
abdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4  nokogiri-1.16.5-x86-linux.gem
63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4  nokogiri-1.16.5-x86-mingw32.gem
71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279  nokogiri-1.16.5-x86_64-darwin.gem
0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97  nokogiri-1.16.5-x86_64-linux.gem
ec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2  nokogiri-1.16.5.gem

v1.16.4 / 2024-04-10

Dependencies

  • [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.

sha256 checksums:

bdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5  nokogiri-1.16.4-aarch64-linux.gem
0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a  nokogiri-1.16.4-arm-linux.gem
8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196  nokogiri-1.16.4-arm64-darwin.gem
bf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc  nokogiri-1.16.4-java.gem
a46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae  nokogiri-1.16.4-x64-mingw-ucrt.gem
4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468  nokogiri-1.16.4-x64-mingw32.gem
d86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5  nokogiri-1.16.4-x86-linux.gem
d488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168  nokogiri-1.16.4-x86-mingw32.gem
a896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628  nokogiri-1.16.4-x86_64-darwin.gem
92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31  nokogiri-1.16.4-x86_64-linux.gem
</tr></table>

... (truncated)

Changelog

Sourced from nokogiri's changelog.

v1.16.5

Security

Dependencies

v1.16.4 / 2024-04-10

Dependencies

  • [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

cpcwood and others added 30 commits May 26, 2021 21:25
@cpcwood
update ruby version, fix syntax of html
ae1f1ac
@cpcwood
update sass syntax
23cce31
@cpcwood
update ruby version in CI
387eb98
@cpcwood
extract environment variables from application code into inital config
4baaf6a
@cpcwood
CircleCI automerge dependency-update >> master
a320022 
Dependency updates
@dependabot
Bump addressable from 2.7.0 to 2.8.0
fa289bf 
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/sporkmonger/addressable/releases)
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](sporkmonger/addressable@addressable-2.7.0...addressable-2.8.0)

---
updated-dependencies:
- dependency-name: addressable
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump tar from 6.1.0 to 6.1.4
8378a71 
Bumps [tar](https://github.com/npm/node-tar) from 6.1.0 to 6.1.4.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.0...v6.1.4)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/tar-6.1.4 >> master
07c78ab 
Bump tar from 6.1.0 to 6.1.4
@dependabot
Bump ws from 6.2.1 to 6.2.2
a15163d 
Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@6.2.1...6.2.2)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/ws-6.2.2 >> master
fc4ceb5 
Bump ws from 6.2.1 to 6.2.2
@cpcwood
CircleCI automerge dependabot/bundler/addressable-2.8.0 >> master
0564a2d 
Bump addressable from 2.7.0 to 2.8.0
@dependabot
Bump tar from 6.1.4 to 6.1.11
ad3700e 
Bumps [tar](https://github.com/npm/node-tar) from 6.1.4 to 6.1.11.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.4...v6.1.11)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/tar-6.1.11 >> master
97c7b4f 
Bump tar from 6.1.4 to 6.1.11
@dependabot
Bump url-parse from 1.5.1 to 1.5.3
e28d62e 
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.5.1 to 1.5.3.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](unshiftio/url-parse@1.5.1...1.5.3)

---
updated-dependencies:
- dependency-name: url-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/url-parse-1.5.3 >> master
52e455a 
Bump url-parse from 1.5.1 to 1.5.3
@dependabot
Bump object-path from 0.11.5 to 0.11.6
ae5c96f 
Bumps [object-path](https://github.com/mariocasciaro/object-path) from 0.11.5 to 0.11.6.
- [Release notes](https://github.com/mariocasciaro/object-path/releases)
- [Commits](https://github.com/mariocasciaro/object-path/commits)

---
updated-dependencies:
- dependency-name: object-path
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/object-path-0.11.6 >> master
9885c21 
Bump object-path from 0.11.5 to 0.11.6
@dependabot
Bump object-path from 0.11.6 to 0.11.8
1bb3243 
Bumps [object-path](https://github.com/mariocasciaro/object-path) from 0.11.6 to 0.11.8.
- [Release notes](https://github.com/mariocasciaro/object-path/releases)
- [Commits](https://github.com/mariocasciaro/object-path/commits)

---
updated-dependencies:
- dependency-name: object-path
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/object-path-0.11.8 >> master
94849c5 
Bump object-path from 0.11.6 to 0.11.8
@dependabot
Bump tmpl from 1.0.4 to 1.0.5
d886af8 
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases)
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

---
updated-dependencies:
- dependency-name: tmpl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/tmpl-1.0.5 >> master
b603eb7 
Bump tmpl from 1.0.4 to 1.0.5
@cpcwood
fix typo in readme
057c575
@cpcwood
update gems
74a1238
@cpcwood
update node packages
22e4944
@cpcwood
CircleCI automerge maintenance-2021-09 >> master
f9b1c43 
Maintenance 2021-09
@dependabot
Bump nokogiri from 1.12.4 to 1.12.5
f68cd59 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.12.4 to 1.12.5.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.12.4...v1.12.5)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/bundler/nokogiri-1.12.5 >> master
e3395be 
Bump nokogiri from 1.12.4 to 1.12.5
@cpcwood
update node packages
764b3b0
@cpcwood
update js test environment
85effd9
@cpcwood
CircleCI automerge dependency-updates-2021-09 >> master
c76e50e 
Dependency Update - 2021-09
cpcwood and others added 24 commits July 7, 2023 23:07
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/stylelint-15.10.1 >> master
21f91f4 
Bump stylelint from 14.16.1 to 15.10.1
@dependabot
Bump tough-cookie from 4.1.2 to 4.1.3
be7ed99 
Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.1.2...v4.1.3)

---
updated-dependencies:
- dependency-name: tough-cookie
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/tough-cookie-4.1.3 >> master
b21a0ae 
Bump tough-cookie from 4.1.2 to 4.1.3
@dependabot
Bump semver from 5.7.1 to 5.7.2
9eb397c 
Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/semver-5.7.2 >> master
db01704 
Bump semver from 5.7.1 to 5.7.2
update base image
03ef841
@dependabot
Bump word-wrap from 1.2.3 to 1.2.4
d8a419c 
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](jonschlinkert/word-wrap@1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@cpcwood
CircleCI automerge dependabot/npm_and_yarn/word-wrap-1.2.4 >> master
9d4b8d2 
Bump word-wrap from 1.2.3 to 1.2.4
Update default branch to main
bf96ea5
fix bug where gallery images page renders duplicate image
2fedb7b
update circleci orbs
822e73b
update deps
708feb8
add https://googlechromelabs.github.io to webmock whitelist
7b62b69
update webmock whitelist to include test webdrivers
ee4eb4d
rubocop linting
71a8af0
update ruby deps
e1005e3
update nodejs
622c3fa
update nodejs
8664366
fix nav menu on ios
1025100
update order of admin gallery images
b54f4b1
Add titles to footer links
5801b5d
refactor about and contact pages
d1dc661
ensure uploaded image names are removed
0917663
@dependabot
Bump nokogiri from 1.16.3 to 1.16.5
8172e01 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.3 to 1.16.5.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.16.3...v1.16.5)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 13, 2024
@cpcwood cpcwood closed this Aug 25, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 25, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/bundler/nokogiri-1.16.5 branch August 25, 2024 22:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@cpcwood