Skip to content

chore(deps): bump nokogiri from 1.19.2 to 1.19.3#2057

Merged
zkoppert merged 1 commit into
masterfrom
dependabot/bundler/nokogiri-1.19.3
May 14, 2026
Merged

chore(deps): bump nokogiri from 1.19.2 to 1.19.3#2057
zkoppert merged 1 commit into
masterfrom
dependabot/bundler/nokogiri-1.19.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 8, 2026
edited
Loading

Bumps nokogiri from 1.19.2 to 1.19.3.

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
46b89e5d7b9e844c2ee360794240c6ea2a4e6fa0c5892a4ed487db621224b639  nokogiri-1.19.3-aarch64-linux-gnu.gem
8392dfdcd21be7a94dbbe9ccc138dea01b97b24cb2dc02a114ca98bfb1d9a0b7  nokogiri-1.19.3-aarch64-linux-musl.gem
3919d5ffc334ad778a4a9eb88fda7dcb8b1fb58c8a52ac640c6dcd2f038e774f  nokogiri-1.19.3-arm-linux-gnu.gem
9ce1cb6346bb9c67b1550eb537aa183ead91e4b6eadb2f36ade02d8dd2a79fb6  nokogiri-1.19.3-arm-linux-musl.gem
71b9bd424b1b7abc18b05052a1a3cfd3627abdca62be280854cc411791357e42  nokogiri-1.19.3-arm64-darwin.gem
40ea6ebf5cf2005dae1dee26dd557d3afb41fb6de6c9764aca8cf06fdb841db1  nokogiri-1.19.3-java.gem
8bb7132cad356c879a1286eaabcb5e68326cb2490317984280fbc62f456d506a  nokogiri-1.19.3-x64-mingw-ucrt.gem
77f3fba57d46c53ab31e62fc6c28f705109d1bf6264356c76f132b2be5728d4d  nokogiri-1.19.3-x86_64-darwin.gem
2f5078620fe12e83669b5b17311b32532a8153d02eee7ad06948b926d6080976  nokogiri-1.19.3-x86_64-linux-gnu.gem
248c906d2166eca5efb56d52fdee5f9a1f51d69a72e2b64fdac647b4ce39ea3f  nokogiri-1.19.3-x86_64-linux-musl.gem
78312cbac32a40c812780d9678221b79d51288eec00054c1a8d15f7ce05960e8  nokogiri-1.19.3.gem
Changelog

Sourced from nokogiri's changelog.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
Commits
  • c139a3d version bump to v1.19.3
  • 7501a63 fix: backtracking in CSS tokenizer rules (v1.19.x backport) (#3627)
  • 03e7968 test: skip CSS tokenizer benchmarks on JRuby
  • b984b7e fix: ReDoS in CSS tokenizer ident rule
  • 0092623 fix: ReDoS in CSS tokenizer STRING rule
  • ee17d33 fix: memory leak in XSLT transform (backport to v1.19.x) (#3624)
  • ce188a3 doc: update CHANGELOG
  • caeaac4 fix: memory leak in XSLT transform
  • 25220bf dep(test): test against libxml-ruby v6 (#3618)
  • 0caeb21 doc: add security warnings for untrusted XSLT stylesheets
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels May 8, 2026
@zkoppert zkoppert mentioned this pull request May 14, 2026
Merged
@zkoppert
Copy link
Copy Markdown
Member

zkoppert commented May 14, 2026

@dependabot rebase

@dependabot
chore(deps): bump nokogiri from 1.19.2 to 1.19.3
457b7fa 
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.19.2 to 1.19.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.2...v1.19.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/bundler/nokogiri-1.19.3 branch from 8e01c23 to 457b7fa Compare May 14, 2026 07:51
@zkoppert zkoppert merged commit d9ec604 into master May 14, 2026
7 checks passed
@zkoppert zkoppert deleted the dependabot/bundler/nokogiri-1.19.3 branch May 14, 2026 07:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zkoppert zkoppert zkoppert approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zkoppert