rexml
for security"}},{"before":"f05d44d8279231fe0173d9b0bdd611ee1007cad7","after":null,"ref":"refs/heads/upgrade-lighthouse","pushedAt":"2024-06-19T02:00:15.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"G-Rath","name":"Gareth Jones","path":"/G-Rath","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3151613?s=80&v=4"}},{"before":"9e51bcea0703547077247642f4a00b0351e7a3a6","after":"f2bcfb0565535fa8200a369baf6b8ecdb36a7f79","ref":"refs/heads/main","pushedAt":"2024-06-19T02:00:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"G-Rath","name":"Gareth Jones","path":"/G-Rath","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3151613?s=80&v=4"},"commit":{"message":"ci: upgrade `lighthouse` to v10 (#641)\n\nNewer versions of lighthouse are always better and this helps ensure we\r\ncan apply the latest security patches - we can't go any higher than v10\r\nright now because v11 required Node v18 or higher but this is still an\r\nimprovement and we plan to upgrade Node later this year","shortMessageHtmlLink":"ci: upgrade lighthouse
to v10 (#641)"}},{"before":null,"after":"f05d44d8279231fe0173d9b0bdd611ee1007cad7","ref":"refs/heads/upgrade-lighthouse","pushedAt":"2024-06-19T01:27:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"G-Rath","name":"Gareth Jones","path":"/G-Rath","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3151613?s=80&v=4"},"commit":{"message":"ci: upgrade `lighthouse` to v10","shortMessageHtmlLink":"ci: upgrade lighthouse
to v10"}},{"before":"87a927194872b1fb8978342c610b59d99acbb0b7","after":"cb0b486fec157bb182a9bcc2aea23f1fe04891f8","ref":"refs/heads/production","pushedAt":"2024-06-09T20:34:37.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"G-Rath","name":"Gareth Jones","path":"/G-Rath","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3151613?s=80&v=4"},"commit":{"message":"Merge pull request #640 from ackama/main\n\nstaging -> production","shortMessageHtmlLink":"Merge pull request #640 from ackama/main"}},{"before":"df1172bc0c626ab2b7aa796ca6e252ce0e5f7788","after":null,"ref":"refs/heads/dependabot/bundler/actionpack-7.1.3.4","pushedAt":"2024-06-09T20:13:25.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"25c0627e2b04cc36e130475d4b87fab94f09b516","after":null,"ref":"refs/heads/update-rails","pushedAt":"2024-06-09T20:12:39.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"G-Rath","name":"Gareth Jones","path":"/G-Rath","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3151613?s=80&v=4"}},{"before":"2735cd646d6b5ef5b101cd345e7e015b13912da0","after":"9e51bcea0703547077247642f4a00b0351e7a3a6","ref":"refs/heads/main","pushedAt":"2024-06-09T20:12:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"G-Rath","name":"Gareth Jones","path":"/G-Rath","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3151613?s=80&v=4"},"commit":{"message":"fix: update `rails` for security (#639)\n\nIn addition to updating Rails, I've also locked it to v7.0.x so that\r\nfuture security updates (including those opened by dependabot) don't try\r\nto upgrade us to Rails v7.1, which is why #637 is failing\r\n\r\nAddresses GHSA-fwhr-88qx-h9g7\r\nAddresses GHSA-qjqp-xr96-cj99","shortMessageHtmlLink":"fix: update rails
for security (#639)"}},{"before":null,"after":"25c0627e2b04cc36e130475d4b87fab94f09b516","ref":"refs/heads/update-rails","pushedAt":"2024-06-09T19:37:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"G-Rath","name":"Gareth Jones","path":"/G-Rath","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3151613?s=80&v=4"},"commit":{"message":"fix: update `rails` for security\n\nAddresses GHSA-fwhr-88qx-h9g7\nAddresses GHSA-qjqp-xr96-cj99","shortMessageHtmlLink":"fix: update rails
for security"}},{"before":"2d159b94d673e66a9ecbffc7351436cc7eba15a7","after":"df1172bc0c626ab2b7aa796ca6e252ce0e5f7788","ref":"refs/heads/dependabot/bundler/actionpack-7.1.3.4","pushedAt":"2024-06-06T02:17:56.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump actionpack from 7.0.8.1 to 7.1.3.4\n\nBumps [actionpack](https://github.com/rails/rails) from 7.0.8.1 to 7.1.3.4.\n- [Release notes](https://github.com/rails/rails/releases)\n- [Changelog](https://github.com/rails/rails/blob/v7.1.3.4/actionpack/CHANGELOG.md)\n- [Commits](https://github.com/rails/rails/compare/v7.0.8.1...v7.1.3.4)\n\n---\nupdated-dependencies:\n- dependency-name: actionpack\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] Sourced from rexml's\r\nreleases.
REXML 3.2.8 - 2024-05-16
Fixes
- Suppressed a warning
REXML 3.2.7 - 2024-05-16
Improvements
- Improve parse performance by using `StringScanner`.
- Improved parse performance when an attribute has many `<`s.
- GH-124
Fixes
- XPath: Fixed a bug of `normalize_space(array)`.
- XPath: Fixed a bug that wrong position is used with nested path.
- Fixed a bug that an exception message can't be generated for invalid encoding XML.
... (truncated)
Sourced from rexml's changelog.
3.2.8 - 2024-05-16
Fixes
- Suppressed a warning
3.2.7 - 2024-05-16
Improvements
- Improve parse performance by using `StringScanner`.
- Improved parse performance when an attribute has many `<`s.
- GH-124
Fixes
- XPath: Fixed a bug of `normalize_space(array)`.
- XPath: Fixed a bug that wrong position is used with nested path.
- Fixed a bug that an exception message can't be generated for
... (truncated)
- 1cf37ba Add 3.2.8 entry
- b67081c Remove an unused variable (#128)
- 94e180e Suppress a warning
- d574ba5 ci: install only gems required for running tests (#129)
- 4670f8f Add missing Thanks section
- 9ba35f9 Bump version
- 085def0 Add 3.2.7 entry
- 4325835 Read quoted attributes in chunks (#126)
- e77365e Exclude older than 2.6 on macos-14
- bf2c8ed Move development dependencies to Gemfile (#124)
Sourced from nokogiri's releases.
v1.16.5 / 2024-05-13
Security
- [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@flavorjones)
sha256 checksums:
v1.16.4 / 2024-04-10
Dependencies
- [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.
sha256 checksums:
... (truncated)
Sourced from nokogiri's changelog.
v1.16.5
Security
- [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See GHSA-r95h-9x8f-r3f7 for more information.
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.7 from v2.12.6. (@flavorjones)
v1.16.4 / 2024-04-10
Dependencies
- [CRuby] Vendored zlib in the precompiled native gems is updated to v1.3.1 from v1.3. Nokogiri is not affected by the minizip CVE patched in this version, but this update may satisfy some security scanners. Related, see this discussion about removing the compression libraries altogether in a future version of Nokogiri.
v1.16.3 / 2024-03-15
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.6 from v2.12.5. (@flavorjones)
Changed
- [CRuby] `XML::Reader` sets the `@encoding` instance variable during reading if it is not passed into the initializer. Previously, it would remain `nil`. The behavior of `Reader#encoding` has not changed. This works around changes to how libxml2 reports the encoding used in v2.12.6.
- cd70bd3 version bump to v1.16.5
- afc36de dep: update vendored libxml2 to v2.12.7 (#3191)
- 41b4f08 ci: add arm64-darwin coverage using macos-14
- 67b9e86 dep: update libxml2 to v2.12.7
- 17c0362 version bump to v1.16.4
- 1c329e9 dep: update to zlib 1.3.1 (v1.16.x) (#3175)
- edeac07 dep: update to zlib 1.3.1
- 80fb608 version bump to v1.16.3
- 710bd96 dep: update libxml 2.12.6 (branch v1.16.x) (#3151)
- 461a96e fix: Reader#read sets `@encoding` if it is unset
Sourced from tar's changelog.
Changelog
7.0
- Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
- Add tree-shake friendly exports, like `import('tar/create')` and `import('tar/read-entry')` to get individual functions or classes.
- Add `chmod` option that defaults to false, and deprecate `noChmod`. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
- Add `processUmask` option to avoid having to call `process.umask()` when `chmod: true` (or `noChmod: false`) is set.
6.2
- Add support for brotli compression
- Add `maxDepth` option to prevent extraction into excessively deep folders.
6.1
- remove dead link to benchmarks (#313) (@yetzt)
- add examples/explanation of using tar.t (@isaacs)
- ensure close event is emitted after stream has ended (@webark)
- replace deprecated String.prototype.substr() (@CommanderRoot, @lukekarrys)
6.0
- Drop support for node 6 and 8
- fix symlinks and hardlinks on windows being packed with `\`-style path targets
5.0
- Address unpack race conditions using path reservations
- Change large-numbers errors from TypeError to Error
- Add `TAR_*` error codes
- Raise `TAR_BAD_ARCHIVE` warning/error when there are no valid entries found in an archive
- do not treat ignored entries as an invalid archive
- drop support for node v4
- unpack: conditionally use a file mapping to write files on Windows
- Set more portable 'mode' value in portable mode
- Set `portable` gzip option in portable mode
... (truncated)
- bef7b1e 6.2.1
- fe8cd57 prevent extraction in excessively deep subfolders
- fe7ebfd remove security.md
- 5bc9d40 6.2.0
- fe1ef5e changelog 6.2
- e483220 get rid of npm lint stuff
- 689928a ci that works outside of npm org
- db6f539 file inference improvements for .tbr and .tgz
- 336fa8f refactor: dry and other pr comments
- eeba222 chore: lint fixes