Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump nokogiri from 1.14.2 to 1.15.0 in /src/supermarket #3109

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 16, 2023

Bumps nokogiri from 1.14.2 to 1.15.0.

Release notes

Sourced from nokogiri's releases.

1.15.0 / 2023-05-15

Notes

Ability to opt into system malloc and free

Since 2009, Nokogiri has configured libxml2 to use ruby_xmalloc et al for memory management. This has provided benefits for memory management, but comes with a performance penalty.

Users can now opt into using system malloc for libxml2 memory management by setting an environment variable:

# "default" here means "libxml2's default" which is system malloc
NOKOGIRI_LIBXML_MEMORY_MANAGEMENT=default

Benchmarks show that this setting will significantly improve performance, but be aware that the tradeoff may involve poorer memory management including bloated heap sizes and/or OOM conditions.

You can read more about this in the decision record at https://github.com/sparklemotion/nokogiri/blob/HEAD/adr/2023-04-libxml-memory-management.md.

Dependencies

Added

Changed

  • [CRuby] Schema.from_document now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them. This prevents unsafe behavior in libxml2 from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this was addressed in v1.10.9 by raising an exception.

Fixed

  • [CRuby] XSLT.transform now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them and the template uses xsl:strip-spaces. This prevents unsafe behavior in libxslt from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this would allow unsafe memory access and potentially segfault. [#2800]

Improved

  • Nokogiri::XML::Node::SaveOptions#inspect now shows the names of the options set in the bitmask, similar to ParseOptions. [#2767]

... (truncated)

Changelog

Sourced from nokogiri's changelog.

1.15.0 / 2023-05-15

Notes

Ability to opt into system malloc and free

Since 2009, Nokogiri has configured libxml2 to use ruby_xmalloc et al for memory management. This has provided benefits for memory management, but comes with a performance penalty.

Users can now opt into using system malloc for libxml2 memory management by setting an environment variable:

# "default" here means "libxml2's default" which is system malloc
NOKOGIRI_LIBXML_MEMORY_MANAGEMENT=default

Benchmarks show that this setting will significantly improve performance, but be aware that the tradeoff may involve poorer memory management including bloated heap sizes and/or OOM conditions.

You can read more about this in the decision record at https://github.com/sparklemotion/nokogiri/blob/main/adr/2023-04-libxml-memory-management.md.

Dependencies

Added

Changed

  • [CRuby] Schema.from_document now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them. This prevents unsafe behavior in libxml2 from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this was addressed in v1.10.9 by raising an exception.

Fixed

  • [CRuby] XSLT.transform now makes a defensive copy of the document if it has blank text nodes with Ruby objects instantiated for them and the template uses xsl:strip-spaces. This prevents unsafe behavior in libxslt from causing a segfault. There is a small performance cost, but we think this has the virtue of being "what the user meant" since modifying the original is surprising behavior for most users. Previously this would allow unsafe memory access and potentially segfault. [#2800]

Improved

  • Nokogiri::XML::Node::SaveOptions#inspect now shows the names of the options set in the bitmask, similar to ParseOptions. [#2767]

... (truncated)

Commits
  • ebb9eca version bump to v1.15.0
  • 0bf048e doc: update changelog with libxslt version
  • 32c7543 Merge pull request #2866 from sparklemotion/flavorjones-upgrade-libxml2-2.11.0
  • 1987d80 doc: v1.14.4 release notes
  • 8dd3ddb Merge pull request #2873 from chadlwilson/xalan-273
  • cd79753 dep: update libxml2 to v2.11.3 from v2.11.2
  • 1081682 dep(xalan): ensure output property method is set
  • 73c3b1c test: updating tests to match xalan 2.7.3 behavior
  • 82e3ab5 Merge pull request #2874 from sparklemotion/dependabot/bundler/rubocop-minite...
  • 84edfa5 dep: update jar files for xalan
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.14.2...v1.15.0)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested review from a team as code owners May 16, 2023 14:12
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 16, 2023
@netlify
Copy link

netlify bot commented May 16, 2023

👷 Deploy Preview for chef-supermarket processing.

Name Link
🔨 Latest commit 3876a69
🔍 Latest deploy log https://app.netlify.com/sites/chef-supermarket/deploys/64638f5ca8977100083c3d35

@sonarcloud
Copy link

sonarcloud bot commented May 16, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github May 19, 2023

Superseded by #3112.

@dependabot dependabot bot closed this May 19, 2023
@dependabot dependabot bot deleted the dependabot/bundler/src/supermarket/nokogiri-1.15.0 branch May 19, 2023 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants