Bump nokogiri from 1.10.10 to 1.11.0
The following Merge Request (MR) has been forwarded from GitHub in order to prevent the GNOME Project from losing contributions coming from un-official channels. And for contributors to not see their valuable contributions not being accounted for.
Relevant information:
Github handle: dependabot[bot]
MR URL: https://github.com/GNOME/devdocsgjs/pull/6
Patch URL: https://github.com/GNOME/devdocsgjs/pull/6.patch
Body of the MR:
Bumps nokogiri from 1.10.10 to 1.11.0.
Release notes
Sourced from nokogiri's releases.
v1.11.0 / 2021-01-03
Notes
Faster, more reliable installation: Native Gems for Linux and OSX/Darwin
"Native gems" contain pre-compiled libraries for a specific machine architecture. On supported platforms, this removes the need for compiling the C extension and the packaged libraries. This results in much faster installation and more reliable installation, which as you probably know are the biggest headaches for Nokogiri users.
We've been shipping native Windows gems since 2009, but starting in v1.11.0 we are also shipping native gems for these platforms:
- Linux:
x86-linux
andx86_64-linux
-- including musl platforms like alpine- OSX/Darwin:
x86_64-darwin
andarm64-darwin
We'd appreciate your thoughts and feedback on this work at #2075.
Dependencies
Ruby
This release introduces support for Ruby 2.7 and 3.0 in the precompiled native gems.
This release ends support for:
- Ruby 2.3, for which official support ended on 2019-03-31 [#1886] (Thanks
@ashmaroli
!)- Ruby 2.4, for which official support ended on 2020-04-05
- JRuby 9.1, which is the Ruby 2.3-compatible release.
Gems
- Explicitly add racc as a runtime dependency. [#1988] (Thanks,
@voxik
!)- [MRI] Upgrade mini_portile2 dependency from
~> 2.4.0
to~> 2.5.0
[#2005] (Thanks,@alejandroperea
!)Security
See note below about CVE-2020-26247 in the "Changed" subsection entitled "XML::Schema parsing treats input as untrusted by default".
Added
- Add Node methods for manipulating "keyword attributes" (for example,
class
andrel
):#kwattr_values
,#kwattr_add
,#kwattr_append
, and#kwattr_remove
. [#2000]- Add support for CSS queries
a:has(> b)
,a:has(~ b)
, anda:has(+ b)
. [#688] (Thanks,@jonathanhefner
!)- Add
Node#value?
to better match expected semantics of a Hash-like object. [#1838, #1840] (Thanks,@MatzFan
!)- [CRuby] Add
Nokogiri::XML::Node#line=
for use by downstream libs like nokogumbo. [#1918] (Thanks,@stevecheckoway
!)nokogiri.gemspec
is back after a 10-year hiatus. We still prefer you use the official releases, but master is pretty stable these days, and YOLO.Performance
... (truncated)
Changelog
Sourced from nokogiri's changelog.
1.11.0 / 2021-01-03
Notes
Faster, more reliable installation: Native Gems for Linux and OSX/Darwin
"Native gems" contain pre-compiled libraries for a specific machine architecture. On supported platforms, this removes the need for compiling the C extension and the packaged libraries. This results in much faster installation and more reliable installation, which as you probably know are the biggest headaches for Nokogiri users.
We've been shipping native Windows gems since 2009, but starting in v1.11.0 we are also shipping native gems for these platforms:
- Linux:
x86-linux
andx86_64-linux
-- including musl platforms like alpine- OSX/Darwin:
x86_64-darwin
andarm64-darwin
We'd appreciate your thoughts and feedback on this work at #2075.
Dependencies
Ruby
This release introduces support for Ruby 2.7 and 3.0 in the precompiled native gems.
This release ends support for:
- Ruby 2.3, for which official support ended on 2019-03-31 [#1886] (Thanks
@ashmaroli
!)- Ruby 2.4, for which official support ended on 2020-04-05
- JRuby 9.1, which is the Ruby 2.3-compatible release.
Gems
- Explicitly add racc as a runtime dependency. [#1988] (Thanks,
@voxik
!)- [MRI] Upgrade mini_portile2 dependency from
~> 2.4.0
to~> 2.5.0
[#2005] (Thanks,@alejandroperea
!)Security
See note below about CVE-2020-26247 in the "Changed" subsection entitled "XML::Schema parsing treats input as untrusted by default".
Added
- Add Node methods for manipulating "keyword attributes" (for example,
class
andrel
):#kwattr_values
,#kwattr_add
,#kwattr_append
, and#kwattr_remove
. [#2000]- Add support for CSS queries
a:has(> b)
,a:has(~ b)
, anda:has(+ b)
. [#688] (Thanks,@jonathanhefner
!)- Add
Node#value?
to better match expected semantics of a Hash-like object. [#1838, #1840] (Thanks,@MatzFan
!)- [CRuby] Add
Nokogiri::XML::Node#line=
for use by downstream libs like nokogumbo. [#1918] (Thanks,@stevecheckoway
!)nokogiri.gemspec
is back after a 10-year hiatus. We still prefer you use the official releases, butmain
is pretty stable these days, and YOLO.Performance
... (truncated)
Commits
-
1c1fba5
version bump to v1.11.0 -
c6b17a6
doc: remove versioning policy from CHANGELOG since it's in README -
ff14f06
Create dependabot.yml -
638ab65
doc: tweak logo and "Description" section in README -
340686b
ci: move truffleruby jobs to a separate pipeline -
f6d2742
ci: update nokogiri master-branch git resource with webhook -
4b55ecb
Merge pull request #2162 from parndt/use-ruby-setup-ruby -
e6c0772
Use ruby/setup-ruby action which bundles -
940823f
ci: update macos builds to install latest bundler -
0e6ce7c
gem: fix packaging of native gems without java files - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.