Skip to content

Bump nokogiri and qa #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump nokogiri and qa #73

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Oct 5, 2020
edited
Loading

Bumps nokogiri and qa. These dependencies needed to be updated together.
Updates nokogiri from 1.6.8.1 to 1.10.10

Release notes

Sourced from nokogiri's releases.

1.10.10 / 2020-07-06

Features

  • [MRI] Cross-built Windows gems now support Ruby 2.7 [#2029]. Note that prior to this release, the v1.11.x prereleases provided this support.

1.10.9 / 2020-03-01

Fixed

  • [MRI] Raise an exception when Nokogiri detects a specific libxml2 edge case involving blank Schema nodes wrapped by Ruby objects that would cause a segfault. Currently no fix is available upstream, so we're preventing a dangerous operation and informing users to code around it if possible. [#1985, #2001]
  • [JRuby] Change NodeSet#to_a to return a RubyArray instead of Object, for compilation under JRuby 9.2.9 and later. [#1968, #1969] (Thanks, @headius!)

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

1.10.7 / 2019-12-03

Bug

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

1.10.6 / 2019-12-03

Bug

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Dependencies

  • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
  • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

1.10.4 / 2019-08-11

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.10.10 / 2020-07-06

Features

  • [MRI] Cross-built Windows gems now support Ruby 2.7 [#2029]. Note that prior to this release, the v1.11.x prereleases provided this support.

1.10.9 / 2020-03-01

Fixed

  • [MRI] Raise an exception when Nokogiri detects a specific libxml2 edge case involving blank Schema nodes wrapped by Ruby objects that would cause a segfault. Currently no fix is available upstream, so we're preventing a dangerous operation and informing users to code around it if possible. [#1985, #2001]
  • [JRuby] Change NodeSet#to_a to return a RubyArray instead of Object, for compilation under JRuby 9.2.9 and later. [#1968, #1969] (Thanks, @headius!)

1.10.8 / 2020-02-10

Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

1.10.7 / 2019-12-03

Fixed

  • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]

1.10.6 / 2019-12-03

Fixed

  • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

1.10.5 / 2019-10-31

Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

More details are available at #1943.

... (truncated)

Commits
  • a9a3717 version bump to v1.10.10
  • d2d3c18 update CHANGELOG for v1.10.10
  • f0c324c Merge branch '2029-windows-support-for-ruby-27-on-v110x' into v1.10.x
  • c39e1b0 Support fat binary gems for ruby-2.7
  • 9091602 ci: only manage the v1.10.x pipeline on this branch
  • e2e191d version bump to v1.10.9
  • 50f8fde update CHANGELOG
  • 9b5deef Change return type to RubyArray
  • ae054f7 update CHANGELOG for #1985
  • 71bcaf0 Work around a bug in libxml2
  • Additional commits viewable in compare view

Updates qa from 0.3.0 to 5.5.1

Release notes

Sourced from qa's releases.

v5.5.1

Adjust URLs for Library of Congress

Although the main API URLs switched to https, the URLs passed as parameters to identify subauthority, vocabulary, etc. continue to use http. This release reinstates these URLs back to http while keeping the API URLs using https.

v5.5.0

Fix Broken Access to Library of Congress

This release addresses a change in the Library of Congress API URL to use https instead of http. Update to this release to restore access to Library of Congress.

v5.4.0

Features

  • Adding config option for Geonames URLs #312 (jeremyf)

Other

  • Align style practice with current Samvera norms #315 (bess)
  • Updating Rails development dependency #313 (jeremyf)
  • Remove Ruby 2.4 / Rails 6.0 build #311 (bkeese)
  • Adding Ruby 2.7.z and Rails 6.y.z releases to the CircleCI build configuration #310 (jrgriffiniii)
  • Update Geonames URIs to https #307 (no-reply)

v5.3.1

IP Logging failures seen in v5.3.0

IP Logging is off by default and requires setting Qa.config.suppress_ip_data_from_log=false in config/initializers/qa.rb in your app. If you have not done that, then this bug fix is not required.

If you are using IP logging (i.e. Qa.config.suppress_ip_data_from_log==false), then you will want to update to this release. In v5.3.0, the IP logging causes failures if the location cannot be retrieved from the http request.

Patch release includes:

  • bug fix to make ip logging more robust when location cannot be retrieved from the request

v5.3.0

Actions Required to Upgrade

No actions are required for this upgrade other than adjusting your gem file to allow for version 5.3.0 to be included by bundler. The changes in this release are fully backward compatible. The changes impact the linked data module only.

New this release

In the linked data module, this updates supports better logging:

  • provide access to the request_id from the search_query and find_term classes
  • log exception for graph load failures
  • each request gets a marker in the log when the request is strarted, optionally including IP data. It looks like...

Example without IP data...

... (truncated)

Changelog

Sourced from qa's changelog.

5.5.1 (2020-08-14)

Full Changelog

Closed issues:

  • Library of Congress now redirecting HTTP requests to HTTPS #320

Merged pull requests:

v5.5.0 (2020-08-13)

Full Changelog

Merged pull requests:

  • Changes LoC authorities to use https #321 (rotated8)
  • Adding CONTRIBUTING.md

This was uploaded via automation. #318 (jeremyf)

v5.4.0 (2020-06-11)

Full Changelog

Closed issues:

  • Add support for Rails 6.0.z releases #309
  • Add support for Ruby 2.7.z releases #308
  • QA constructs questionable GeoNames URIs #306

Merged pull requests:

  • Prep for 5.4.0 release #317 (bess)
  • Standardize and document release process #316 (bess)
  • Align style practice with current Samvera norms #315 (bess)
  • Updating Rails development dependency #313 (jeremyf)
  • Adding config option for Geonames URLs #312 (jeremyf)
  • Remove Ruby 2.4 / Rails 6.0 build #311 (bkeese)
  • Adding Ruby 2.7.z and Rails 6.y.z releases to the CircleCI build configuration #310 (jrgriffiniii)
  • Update Geonames URIs to https #307 (no-reply)

v5.3.1 (2019-12-17)

Full Changelog

Merged pull requests:

... (truncated)

Commits
  • 3ba314a prep release 5.5.1
  • 8b76bdc Merge pull request #323 from samvera/use-https
  • f6e0021 Fixes issue limiting LoC results to an authority
  • a9244dc Merge pull request #322 from samvera/release/5.5.0
  • bfa5ac8 prep release 5.5.0
  • 9185275 Merge pull request #318 from samvera/autoupdate-20200614220138
  • 7413b7b Update CONTRIBUTING.md
  • 4b571ee Merge pull request #321 from samvera/use-https
  • e75bf79 Changes LoC authorities to use https
  • 4f229a9 Adding CONTRIBUTING.md
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump nokogiri and qa
db738b0 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) and [qa](https://github.com/projecthydra/questioning_authority). These dependencies needed to be updated together.

Updates `nokogiri` from 1.6.8.1 to 1.10.10
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.6.8.1...v1.10.10)

Updates `qa` from 0.3.0 to 5.5.1
- [Release notes](https://github.com/projecthydra/questioning_authority/releases)
- [Changelog](https://github.com/samvera/questioning_authority/blob/master/CHANGELOG.md)
- [Commits](samvera/questioning_authority@v0.3.0...v5.5.1)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 5, 2020
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Aug 31, 2021

Superseded by #80.

@dependabot dependabot bot closed this Aug 31, 2021
@dependabot dependabot bot deleted the dependabot/bundler/nokogiri-and-qa-1.10.10 branch August 31, 2021 05:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant