Skip to content

🚨 [security] Update rails-html-sanitizer 1.6.0 → 1.6.1 (patch)#576

Open
depfu[bot] wants to merge 1 commit intodevelopfrom
depfu/update/rails-html-sanitizer-1.6.1
Open

🚨 [security] Update rails-html-sanitizer 1.6.0 → 1.6.1 (patch)#576
depfu[bot] wants to merge 1 commit intodevelopfrom
depfu/update/rails-html-sanitizer-1.6.1

Conversation

@depfu
Copy link
Contributor

@depfu depfu bot commented Dec 2, 2024
edited
Loading

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

↗️ rails-html-sanitizer (indirect, 1.6.0 → 1.6.1) · Repo · Changelog

Security Advisories 🚨

🚨 rails-html-sanitize has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Please note that the fix in v1.6.1 is to update the dependency on Nokogiri to 1.15.7 or >= 1.16.8.

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in either of the following ways:

  • allow both "math" and "style" elements
  • or allow both "svg" and "style" elements

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

  1. using application configuration to configure Action View sanitizers' allowed tags:
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["math", "style"]
# or
config.action_view.sanitized_allowed_tags = ["svg", "style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

  1. using a :tags option to the Action View helper sanitize:
<%= sanitize @comment.body, tags: ["math", "style"] %>
<%# or %>
<%= sanitize @comment.body, tags: ["svg", "style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

  1. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:
# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "style"]
# or
Rails::HTML5::SafeListSanitizer.allowed_tags = ["svg", "style"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:
# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "style"])
# or
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["svg", "style"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. setting ActionText::ContentHelper module attribute allowed_tags:
ActionText::ContentHelper.allowed_tags = ["math", "style"]
# or
ActionText::ContentHelper.allowed_tags = ["svg", "style"]

All users overriding the allowed tags by any of the above mechanisms to include (("math" or "svg") and "style") should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

References

Credit

This vulnerability was responsibly reported by HackerOne user @taise.

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "math" and "style" elements are both explicitly allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow these elements. Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

  1. using application configuration to configure Action View sanitizers' allowed tags:
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["math", "style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

  1. using a :tags option to the Action View helper sanitize:
<%= sanitize @comment.body, tags: ["math", "style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

  1. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:
# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "style"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:
# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "style"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. setting ActionText::ContentHelper module attribute allowed_tags:
ActionText::ContentHelper.allowed_tags = ["math", "style"]

All users overriding the allowed tags by any of the above mechanisms to include both "math" and "style" should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

References

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou).

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "math", "mtext", "table", and "style" elements are allowed
  • and either "mglyph" or "malignmark" are allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow all of these elements except for "table". Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

  1. using application configuration to configure Action View sanitizers' allowed tags:
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
config.action_view.sanitized_allowed_tags = ["math", "mtext", "table", "style", "malignmark"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

  1. using a :tags option to the Action View helper sanitize:
<%= sanitize @comment.body, tags: ["math", "mtext", "table", "style", "mglyph"] %>
<%# or %>
<%= sanitize @comment.body, tags: ["math", "mtext", "table", "style", "malignmark"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

  1. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:
# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "malignmark"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:
# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "mtext", "table", "style", "mglyph"])
# or
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "mtext", "table", "style", "malignmark"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. setting ActionText::ContentHelper module attribute allowed_tags:
ActionText::ContentHelper.allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
ActionText::ContentHelper.allowed_tags = ["math", "mtext", "table", "style", "malignmark"]

All users overriding the allowed tags by any of the above mechanisms to include ("math" and "mtext" and "table" and "style" and ("mglyph" or "malignmark")) should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

References

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou).

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "style" element is explicitly allowed
  • the "svg" or "math" element is not allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow all of these elements. Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

  1. using application configuration to configure Action View sanitizers' allowed tags:
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

  1. using a :tags option to the Action View helper sanitize:
<%= sanitize @comment.body, tags: ["style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

  1. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:
# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["style"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:
# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["style"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. setting ActionText::ContentHelper module attribute allowed_tags:
ActionText::ContentHelper.allowed_tags = ["style"]

All users overriding the allowed tags by any of the above mechanisms to include "style" and omit "svg" or "math" should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

References

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou).

🚨 rails-html-sanitizer has XSS vulnerability with certain configurations

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.

  • Versions affected: 1.6.0
  • Not affected: < 1.6.0
  • Fixed versions: 1.6.1

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in the following way:

  • the "noscript" element is explicitly allowed

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

The default configuration is to disallow all of these elements. Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

  1. using application configuration to configure Action View sanitizers' allowed tags:
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["noscript"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

  1. using a :tags option to the Action View helper sanitize:
<%= sanitize @comment.body, tags: ["noscript"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

  1. setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:
# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["noscript"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:
# instance-level option
Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["noscript"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

  1. setting ActionText::ContentHelper module attribute allowed_tags:
ActionText::ContentHelper.allowed_tags = ["noscript"]

All users overriding the allowed tags by any of the above mechanisms to include "noscript" should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

References

Credit

This vulnerability was responsibly reported by HackerOne user @taise.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ loofah (indirect, 2.22.0 → 2.23.1) · Repo · Changelog

Release Notes

2.23.1

2.23.1 / 2024-10-25

Added

  • Allow CSS properties min-height and max-height. [#288] @lazyatom

Full Changelog: v2.23.0...v2.23.1

2.23.0

2.23.0 / 2024-10-24

Added

New Contributors

Full Changelog: v2.22.0...v2.23.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mini_portile2 (indirect, 2.8.5 → 2.8.8) · Repo · Changelog

Release Notes

2.8.8

2.8.8 / 2024-11-14

Improved

  • Raise an exception with a clear error message when xzcat is needed but is not installed. (#152) @flavorjones

2.8.7

2.8.7 / 2024-05-31

Added

  • When setting the C compiler through the MiniPortile constructor, the preferred keyword argument is now :cc_command. The original :gcc_command is still supported. (#144 by @flavorjones)
  • Add support for extracting xz-compressed tarballs on OpenBSD. (#141 by @postmodern)
  • Add OpenBSD support to the experimental method MakeMakefile#mkmf_config. (#141 by @flavorjones)

Changed

  • MiniPortileCMake now detects the C and C++ compiler the same way MiniPortile does: by examining environment variables, then using kwargs, then looking in RbConfig (in that order). (#144 by @flavorjones)
  • GPG file verification error messages are captured in the raised exception. Previously these errors went to stderr. (#145 by @flavorjones)

2.8.6

2.8.6 / 2024-04-14

Added

  • When using CMake on FreeBSD, default to clang's "cc" and "c++" compilers. (#139 by @mudge)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ nokogiri (indirect, 1.15.4 → 1.15.7) · Repo · Changelog

Security Advisories 🚨

🚨 Use-after-free in libxml2 via Nokogiri::XML::Reader

Summary

Nokogiri upgrades its dependency libxml2 as follows:

  • v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6
  • v1.16.2 upgrades libxml2 to 2.12.5 from 2.12.4

libxml2 v2.11.7 and v2.12.5 address the following vulnerability:

CVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062

Please note that this advisory only applies to the CRuby implementation of Nokogiri, and only if
the packaged libraries are being used. If you've overridden defaults at installation time to use
system libraries instead of packaged libraries, you should instead pay attention to your distro's
libxml2 release announcements.

JRuby users are not affected.

Severity

The Nokogiri maintainers have evaluated this as Moderate.

Impact

From the CVE description, this issue applies to the xmlTextReader module (which underlies
Nokogiri::XML::Reader):

When using the XML Reader interface with DTD validation and XInclude expansion enabled,
processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Mitigation

Upgrade to Nokogiri ~> 1.15.6 or >= 1.16.2.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile
and link Nokogiri against patched external libxml2 libraries which will also address these same
issues.

🚨 Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

Summary

Nokogiri upgrades its dependency libxml2 as follows:

  • Nokogiri v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6
  • Nokogiri v1.16.2 upgrades libxml2 to 2.12.5 from 2.12.4

libxml2 v2.11.7 and v2.12.5 address the following vulnerability:

Please note that this advisory only applies to the CRuby implementation of Nokogiri, and only if the packaged libraries are being used. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's libxml2 release announcements.

JRuby users are not affected.

Mitigation

Upgrade to Nokogiri ~> 1.15.6 or >= 1.16.2.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile
and link Nokogiri against patched external libxml2 libraries which will also address these same
issues.

Impact

From the CVE description, this issue applies to the xmlTextReader module (which underlies Nokogiri::XML::Reader):

When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Timeline

  • 2024-02-04 10:35 EST - this GHSA is drafted without complete details about when the upstream issue was introduced; a request is made of libxml2 maintainers for more detailed information
  • 2024-02-04 10:48 EST - updated GHSA to reflect libxml2 maintainers' confirmation of affected versions
  • 2024-02-04 11:54 EST - v1.16.2 published, this GHSA made public
  • 2024-02-05 10:18 EST - updated with MITRE link to the CVE information, and updated "Impact" section
  • 2024-03-16 09:03 EDT - v1.15.6 published (see discussion at #3146), updated mitigation information
  • 2024-03-18 22:12 EDT - update "affected products" range with v1.15.6 information
Release Notes

1.15.7

1.15.7 / 2024-12-02

Fixed

  • [CRuby] When serializing HTML5 documents, properly escape foreign content "style" elements. Normally, a "style" tag contains raw text that does not need entity-escaping, but when it appears in either SVG or MathML foreign content, the "style" tag is now correctly escaped when serialized. @flavorjones

sha256 checksums:

ef5ef17d956009c2701f06ed37e4e8bd335c1004555114715c5b012f057279b5  nokogiri-1.15.7-aarch64-linux.gem
169e3d403b09c3b990435ffda954e3846120adfc48f17849c31f6b4c84ee87ea  nokogiri-1.15.7-arm64-darwin.gem
4f53e34447898ffc266fb28a56f5923d79af0c757207f91da41d86f2cf617be3  nokogiri-1.15.7-arm-linux.gem
9a0efa6de9d12f134a30674f3a86ef6064441143d200eeb15adc313f1025869b  nokogiri-1.15.7.gem
678a8abf54b9021ee246f44e5a472dfa6a96933e5569a43ff8105e18c6f36f46  nokogiri-1.15.7-java.gem
23c5a5ada10e629f9c663b83dbaab6b1f2e265a18c1b71e783da86f51ac41a87  nokogiri-1.15.7-x64-mingw32.gem
31cd869f8fe96995eca0e3e06487b0813fcdc9c821096da6a7c17038f0abcedd  nokogiri-1.15.7-x64-mingw-ucrt.gem
37d3d58b3a0b0d8aaa8aa658d4238ee4952dde55a0d4dcaead161ce5484ce16a  nokogiri-1.15.7-x86_64-darwin.gem
98c54b218171d05105962f6542cbccd70e8d80aee1e0270e573ed26483ec6873  nokogiri-1.15.7-x86_64-linux.gem
6132a1a4e8e859ef8d464f2fd975e68d06fa635787948e6e83a69f140d684d87  nokogiri-1.15.7-x86-linux.gem
1c3b22c19c0487e2a9f8462dda263785d4fafefba818885d151d74057e090862  nokogiri-1.15.7-x86-mingw32.gem

1.15.6

1.15.6 / 2024-03-16

Note

This security release is a backport to the unsupported v1.15.x branch. Current stable is v1.16.x, which addressed the referenced CVE in v1.16.2 on 2024-02-04.

Security

Dependencies

sha256 checksums:

d79f713dffff149d60ab272d206a3ca96db2b891ab6a9f65362bfb78aface37a  gems/nokogiri-1.15.6-aarch64-linux.gem
62b5b7b387ec6c61c1ea5f889b7bc579eedd37f265f7cc1dc392484938549f1a  gems/nokogiri-1.15.6-arm-linux.gem
ba93c63f5c03047778abf16c80676fe67e7eb7d871ab0aaa7e2c2dfe4ec20027  gems/nokogiri-1.15.6-arm64-darwin.gem
d24639a546ba58c86d18da1ed124eaecbd45c5ae4c4dec41751b730a2b732ac3  gems/nokogiri-1.15.6-java.gem
e36887d89ec1b080e4a01dd2ff52650003db01d2a5edf5e6ab19e4c0bdb1385f  gems/nokogiri-1.15.6-x64-mingw-ucrt.gem
852c59a398499c8fcb6478d76396dcd50afa8f8902563b76265cd7dc90a731a1  gems/nokogiri-1.15.6-x64-mingw32.gem
19e0a5fbfa4393353fbcf6801f8f62350b6e16f43c907680c5884896858a23a2  gems/nokogiri-1.15.6-x86-linux.gem
9d464bbbaad6721a5a73181165fda67573f64ef2803c3337f6f733603e9d309a  gems/nokogiri-1.15.6-x86-mingw32.gem
32d045cdb0ce097e4543a5e7a79efd13ff05d904e32f4328732149dbea3c7f15  gems/nokogiri-1.15.6-x86_64-darwin.gem
26a79da0377100d6938ae2f1b115230a8a4a4595e35b89164d8495af32091186  gems/nokogiri-1.15.6-x86_64-linux.gem
70ce799b4b3e23b358501f1da3914f70b1c7a113fb12e96a7d53558481146e08  gems/nokogiri-1.15.6.gem

1.15.5

1.15.5 / 2023-11-17

Dependencies

sha256 checksums:

6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7  nokogiri-1.15.5-aarch64-linux.gem
e3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f  nokogiri-1.15.5-arm-linux.gem
4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40  nokogiri-1.15.5-arm64-darwin.gem
5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe  nokogiri-1.15.5-java.gem
7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2  nokogiri-1.15.5-x64-mingw-ucrt.gem
28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae  nokogiri-1.15.5-x64-mingw32.gem
0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4  nokogiri-1.15.5-x86-linux.gem
d27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854  nokogiri-1.15.5-x86-mingw32.gem
10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70  nokogiri-1.15.5-x86_64-darwin.gem
c5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf  nokogiri-1.15.5-x86_64-linux.gem
22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100  nokogiri-1.15.5.gem

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ racc (indirect, 1.7.3 → 1.8.1) · Repo · Changelog

Release Notes

1.8.1

What's Changed

New Contributors

Full Changelog: v1.8.0...v1.8.1

1.8.0

What's Changed

  • Generate jar to build gem by @nobu in #255
  • Fix trivial typos by @ydah in #257
  • Try to fix test failure with Ruby 3.3 by @hsbt in #260
  • Reformat the rdoc so it renders correctly both locally and on github. by @zenspider in #258
  • Allow racc cmdline to read from stdin if no path specified. by @zenspider in #259
  • Add more grammars by @nurse in #222
  • Exclude 2.5 on macos-latest by @nobu in #263
  • Drop code for Ruby 1.6 by @nobu in #264
  • Refactor command line options by @nobu in #265
  • Change encode EUC-JP to UTF-8 by @ydah in #267
  • Organize README.ja.rdoc by @ydah in #266
  • Support error_on_expect_mismatch declaration in Racc grammar file by @yui-knk in #262
  • Bump up v1.8.0 by @yui-knk in #268

New Contributors

Full Changelog: v1.7.3...v1.8.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands
@​depfu rebase
Rebases against your default branch and redoes this update
@​depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@​depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@​depfu cancel merge
Cancels automatic merging of this PR
@​depfu close
Closes this PR and deletes the branch
@​depfu reopen
Restores the branch and reopens this PR (if it's closed)
@​depfu pause
Ignores all future updates for this dependency and closes this PR
@​depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@​depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)

@depfu depfu bot added the depfu label Dec 2, 2024
@depfu depfu bot assigned marsz Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@marsz marsz

Labels

depfu

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marsz