
Commit dab5186

build(deps-dev): bump nokogiri from 1.19.2 to 1.19.3 (#244)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.19.2 to 1.19.3.

**Release notes**

*Sourced from [nokogiri's releases](https://github.com/sparklemotion/nokogiri/releases).*

> ## v1.19.3 / 2026-04-27
>
> ### Fixed / Security
>
> - Address exponential regex backtracking in CSS selector tokenizer. See [GHSA-c4rq-3m3g-8wgx](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx) for more information.
> - [CRuby] Address memory leak in `XSLT::Stylesheet#transform`. See [GHSA-v2fc-qm4h-8hqv](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv) for more information.

**Commits**

- [`c139a3d`](https://github.com/sparklemotion/nokogiri/commit/c139a3da0fe0cae7499a0bafa20f2875877c585b) version bump to v1.19.3
- [`7501a63`](https://github.com/sparklemotion/nokogiri/commit/7501a63b9f4246d12516e35b91fed8be34f854c0) fix: backtracking in CSS tokenizer rules (v1.19.x backport) ([#3627](https://redirect.github.com/sparklemotion/nokogiri/issues/3627))
- [`03e7968`](https://github.com/sparklemotion/nokogiri/commit/03e7968a730a6544ab56a8d6c3e82dd630ad4339) test: skip CSS tokenizer benchmarks on JRuby
- [`b984b7e`](https://github.com/sparklemotion/nokogiri/commit/b984b7e47f622d1aa97d54c16d5cd596c3eb9538) fix: ReDoS in CSS tokenizer ident rule
- [`0092623`](https://github.com/sparklemotion/nokogiri/commit/00926231e28d5a20e5b4873efba36099aea0d5c6) fix: ReDoS in CSS tokenizer STRING rule
- [`ee17d33`](https://github.com/sparklemotion/nokogiri/commit/ee17d33aff3adb30c14e71d3d4c8163465acaccf) fix: memory leak in XSLT transform (backport to v1.19.x) ([#3624](https://redirect.github.com/sparklemotion/nokogiri/issues/3624))
- [`ce188a3`](https://github.com/sparklemotion/nokogiri/commit/ce188a395192e3757d8701949afb643dc025084c) doc: update CHANGELOG
- [`caeaac4`](https://github.com/sparklemotion/nokogiri/commit/caeaac41f874f0944f9397c78bf6c1bfac2cb472) fix: memory leak in XSLT transform
- [`25220bf`](https://github.com/sparklemotion/nokogiri/commit/25220bf268c9808e28415563ed7f8ea8d5c332bf) dep(test): test against libxml-ruby v6 ([#3618](https://redirect.github.com/sparklemotion/nokogiri/issues/3618))
- [`0caeb21`](https://github.com/sparklemotion/nokogiri/commit/0caeb21a5c5e9ff45bbede88fb53655f6753bb0e) doc: add security warnings for untrusted XSLT stylesheets
- See full diff in [compare view](https://github.com/sparklemotion/nokogiri/compare/v1.19.2...v1.19.3)

2 parents 2c5e100 + 26bc540 commit dab5186

1 file changed

Lines changed: 3 additions & 3 deletions

Gemfile.lock

@@ -48,11 +48,11 @@ GEM
4848
minitest (6.0.6)
4949
drb (~> 2.0)
5050
prism (~> 1.5)
51-
nokogiri (1.19.2-arm64-darwin)
51+
nokogiri (1.19.3-arm64-darwin)
5252
racc (~> 1.4)
53-
nokogiri (1.19.2-x86_64-darwin)
53+
nokogiri (1.19.3-x86_64-darwin)
5454
racc (~> 1.4)
55-
nokogiri (1.19.2-x86_64-linux-gnu)
55+
nokogiri (1.19.3-x86_64-linux-gnu)
5656
racc (~> 1.4)
5757
parallel (1.28.0)
5858
parser (3.3.11.1)
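
Review bot: no checksum entries accompany the new nokogiri pins at lines 51, 53 and 55 (the commit totals 3 additions and 3 deletions, all of them in this hunk), so the lock fixes the version of each platform gem but not its content. Consider recording digests in the lockfile, for example with `bundle lock --add-checksums` on Bundler 2.6 or later, so that the installed `nokogiri (1.19.3-…)` gems are verified against a known SHA256 rather than trusted by version string alone. Separately, only `arm64-darwin`, `x86_64-darwin` and `x86_64-linux-gnu` are locked here; confirm that no CI runner or container resolves on another platform (aarch64-linux or musl, say), since this lock has no nokogiri entry for those.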
