Bump nokogiri from 1.10.5 to 1.10.8 (#1429)
Summary:
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.5 to 1.10.8.

<details>
<summary>Release notes</summary>

*Sourced from [nokogiri's releases](https://github.com/sparklemotion/nokogiri/releases).*

> ## 1.10.8 / 2020-02-10
>
> ### Security
>
> [MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in [#1992](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1992). Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.
>
> ## 1.10.7 / 2019-12-03
>
> ### Bug
>
> * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1954)
>
> ## 1.10.6 / 2019-12-03
>
> ### Bug
>
> * [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953)] (Thanks, [@nurse](https://github.com/nurse)!)

</details>
<details>
<summary>Changelog</summary>

*Sourced from [nokogiri's changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md).*

> ## 1.10.8 / 2020-02-10
>
> ### Security
>
> [MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in [#1992](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1992). Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.
>
> ## 1.10.7 / 2019-12-03
>
> ### Fixed
>
> * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [[#1954](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1954)]
>
> ## 1.10.6 / 2019-12-03
>
> ### Fixed
>
> * [MRI] Fix FreeBSD installation of vendored libxml2. [[#1941](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1941), [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953)] (Thanks, [@nurse](https://github.com/nurse)!)

</details>
<details>
<summary>Commits</summary>

- [`6ce10d1`](sparklemotion/nokogiri@6ce10d1) version bump to v1.10.8
- [`2320f5b`](sparklemotion/nokogiri@2320f5b) update CHANGELOG for v1.10.8
- [`4a77fdb`](sparklemotion/nokogiri@4a77fdb) remove patches from the hoe Manifest
- [`570b6cb`](sparklemotion/nokogiri@570b6cb) update to use rake-compiler ~1.1.0
- [`2cdb68e`](sparklemotion/nokogiri@2cdb68e) backport libxml2 patch for CVE-2020-7595
- [`e6b3229`](sparklemotion/nokogiri@e6b3229) version bump to v1.10.7
- [`4f9d443`](sparklemotion/nokogiri@4f9d443) update CHANGELOG
- [`80e67ef`](sparklemotion/nokogiri@80e67ef) Fix the patch from [#1953](https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1953) to work with both `git` and `patch`
- [`7cf1b85`](sparklemotion/nokogiri@7cf1b85) Fix typo in generated metadata
- [`d76180d`](sparklemotion/nokogiri@d76180d) add gem metadata
- Additional commits viewable in [compare view](sparklemotion/nokogiri@v1.10.5...v1.10.8)

</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=nokogiri&package-manager=bundler&previous-version=1.10.5&new-version=1.10.8)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
Pull Request resolved: #1429

Differential Revision: D20124605

Pulled By: lorixx

fbshipit-source-id: 05e6117da1ff1eb92da518b0bf08bd7142a1f797