Nokogiri v1.16.2 has been released with a security update for CRuby users.
The release notes [1] are reproduced here for your convenience.
[1]: https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.2
---
v1.16.2 / 2024-02-04Security
- [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See
GHSA-xc9x-jj77-9p9j
<https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj7…>
for
more information.
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.12.5
<https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5> from
v2.12.4. (@flavorjones <https://github.com/flavorjones>)
------------------------------
sha256 checksums:
69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d
nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57
nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8
nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310
nokogiri-1.16.2-java.gem
7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074
nokogiri-1.16.2-x64-mingw-ucrt.gem
a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd
nokogiri-1.16.2-x64-mingw32.gem
833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323
nokogiri-1.16.2-x86-linux.gem
e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53
nokogiri-1.16.2-x86-mingw32.gem
5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539
nokogiri-1.16.2-x86_64-darwin.gem
5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe
nokogiri-1.16.2-x86_64-linux.gem
68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c
nokogiri-1.16.2.gem
minitest-server version 1.0.8 has been released!
* home: <https://github.com/seattlerb/minitest-server>
* rdoc: <http://docs.seattlerb.org/minitest-server>
minitest-server provides a client/server setup with your minitest
process, allowing your test run to send its results directly to a
handler.
Changes:
### 1.0.8 / 2024-02-26
* 1 bug fix:
* Add drb as a dependency. (y-yagi)
minitest-gcstats version 1.3.1 has been released!
* home: <https://github.com/seattlerb/minitest-gcstats>
* rdoc: <http://docs.seattlerb.org/minitest-gcstats>
A minitest plugin that adds a report of the top tests by number of
objects allocated.
Changes:
### 1.3.1 / 2024-02-26
* 1 minor enhancement:
* Remove a bunch of ancient versioned code now that <2.3 is way behind us.
* 1 bug fix:
* Fix Result.from to include gc_stats. (fatkodima)
I will be giving a Montreal.rb Ruby meetup talk titled "Frontend Ruby with
Glimmer DSL for Web" on Wednesday, March 6 2023 at 7pm ET (doors open at
6:15pm ET). The event will be hosted at Lexop (506 McGill St Suite 400,
Montreal, Quebec, Canada). The talk description is below. In my opinion,
this is the most exciting Ruby topic in 2024 for doubling productivity and
halving cost and time in developing and maintaining Rails Frontends
compared to using inferior JS technologies like React, Angular, Vue,
Svelte, etc... I strongly believe this will be the most important Ruby
investment in 2024. Anyone who ignores it will be stuck in what feels like
the Ice Age of Frontend Development by comparison, kinda like riding horse
carriage compared to driving a Ferrari.
RSVP :
https://www.meetup.com/montrealrb/events/298445180/
Talk Description :
"Rubyists would rather leverage the productivity, readability, and
maintainability benefits of Ruby in Frontend Web Development than
JavaScript to cut down development cost and time by half compared to using
popular yet inferior JavaScript frameworks with bloated JavaScript code as
per Matz's suggestion in his RubyConf 2022 keynote speech to replace
JavaScript with Ruby. Fortunately, this is possible in 2024!
This talk is a continuation of the previous Montreal.rb talk "Intro to Ruby
in the Browser", which ended by promising a new way in the future for
developing Web Frontends that would completely revolutionize the way we
think about and do Frontend Development using Ruby instead of JavaScript.
The future is now!!! The simplest, most intuitive, most straight-forward,
and most productive Frontend Framework in existence is here! It is an
open-source Ruby gem called Glimmer DSL for Web.
Think of Glimmer DSL for Web as the Rails of Frontend Frameworks. With it,
you can finally live in Rubyland in both the Frontend and Backend on the
Web! That opens up the door to ideas like rendering Frontend Components in
the Backend as Server Components, eliminating the conflict between ERB and
JS frontend rendering technologies by leveraging highly readable,
maintainable, and productive Ruby code isomorphically."
Blog Post Announcement :
https://andymaleh.blogspot.com/
The JRuby community is pleased to announce the release of JRuby 9.4.6.0.
- Homepage: https://www.jruby.org/
- Download: https://www.jruby.org/download
JRuby 9.4.x targets Ruby 3.1 compatibility.
Thank you to our contributors this release, you help keep JRuby moving
forward! @evaniainbrooks, @ahorek, @kares, @most00, @ntkme, @sk757a
Ruby Compatibility
- Support for the new Prism parser for Ruby code has been merged in. A
blog post will follow soon. #8103
- IO#fcntl had inverted logic for setting O_NONBLOCK (setting it cleared
the value, etc). [#8081], [#8090]
- Many fixes to language and core class compatibility, see issue list.
- Warnings should match verbosity levels of CRuby, with many unwanted
warnings now properly omitted without verbose enabled. #7183, #8071
Standard Library
- json is updated to 2.7.1. #7752, #7954
- io-console is updated to 0.7.2. This version fixes IRB on Apple
M-series by using stty for console manipulation. #8012
- nkf is now supported by gem version 0.2.0. #8077
- strscan is updated to 3.1.0. #8074, [#8086]
- reline is updated to 0.4.2 #8102
- jruby-openssl is updated to 0.14.3 #8107
JVM Integration
- Ruby Symbols can be use as arguments to JVM methods that receive Java
String. #8015, #8057
- Starting with Java 17, package-private methods will no longer be bound
automatically even if they can be made visible. #8061, #8093
Native Integration
- The subsystem used for native calls has been updated to support
RHEL/CentOS 7 and the Java 9+ Cleaner API. [#8104]
Performance
- Performance of keyword argument handling has been improved. #8021
- Pattern matching is now supported in JRuby’s JIT compiler. #8026, #8027
77 Github Issues resolved for 9.4.6.0
#4808 Rework global variables, caching to eliminate race conditions
#6430 Using <internal: for core library methods defined in Ruby
#7151 File.identical? should use stat to compare files
#7183 Various alias forms warn on redefine when they should not
#7523 Define IO::READABLE, WRITABLE, PRIORITY for IO#wait
#7695 jffi ships with binaries requiring glibc 2.27
#7721 jirb on win10 : The signal TSTP is in use by the JVM and will not
work correctly on this platform
#7729 Sock fixes
#7752 Update JSON gem to not use Bigdecimal.new
#7759 irb on CentOS7, JRuby 9.4.2.0 , and JDK 1.8
#7760 Failure to load FFI gives an outdated message
#7845 Including a module again after prepending another module to it
isn’t idempotent
#7862 Ruby 2.7 conformance: ObjectSpace::WeakMap is broken for FixNum
keys
#7939 Yaml exception when trying to install rdoc-data
#7954 Update json for BigDecimal.new fix
#7958 Prepend internal marker to internal sources
#7974 [ji] support java_alias with constructor
#7981 Less instrs
#7996 Add %aA for printf and friends
#8001 Fix various specs
#8002 Time spec fixes
#8003 Fix issues in global variable thread-safety
#8005 New MRI test failures on less common architectures
#8007 Fix intermittent fails in CI
#8009 Expand WeakMap to allow floats and fixnums
#8010 Kernel#send does not strip off empty keywords hashes before
calling eventual method
#8011 Fixes #8010. Kernel#send + empty kwargs hash error
#8012 Update io-console
#8013 Tag sweep2
#8014 Fixes language specs involving blocks/yield
#8015 Java method lookup for arity-1 method with inexact argument fails
in the presence of arity-2 method with same name
#8016 Lang specs
#8021 Reduce overhead of kwargs for no-arg methods and blocks
#8022 Remove implicit prologue state to methods/blocks if that state is
unused
#8026 Full JIT support for pattern matching
#8027 Pattern jit
#8031 Reuse thread-local jump exceptions to avoid construction
#8033 Implement Exception.to_tty?
#8039 Implement Exception.to_tty?
#8040 Match Exception#full_message with MRI 3.2
#8045 Try to find class resource to avoid exception
#8046 Socket::IFF_* are missing
#8047 add socket flags for zeroconf
#8048 Try and make UDP look a little more like MRI (and hopefully make
it more functional)
#8049 Fix String#unpack from using capacity() and causing wrong error
#8050 Various cleanups for String operations
#8052 ignore codes logic was not doing anything in unpack
#8053 More arity splitting
#8054 A bit confusing error: “FrozenError: can’t modify frozen NilClass”
#8055 override getDelegate in PrependedModule to return origin
#8056 Add hex exponential notation for Kernel::Float
#8057 recognize RubySymbol as assignable to String
#8060 Inspect frozen object for error
#8061 enumerable.map raise wrong number of arguments only when Ruby
script is executed from Gradle using JDK 21
#8063 Fix typos in cli options
#8070 Attribute definition on singleton should call
singleton_method_added
#8071 Update some warnings to deprecated
#8072 Added Module#refinements and Refinement#refined_class
#8074 Update strscan to fix improper sharing
#8077 Switch to default gem for nkf
#8080 [fix] avoid Class#subclasses deprecation with class.rb ext
#8083 (master) rdoc test suite failing with
Java::JavaLang::ArrayIndexOutOfBoundsException
#8088 Update strscan to 3.1.0 for OOB fix
#8091 Ripper is not returning unary minus with proper symbol
#8093 Rework visibility checks for Java integration
#8095 Tweak kwargs logic to improve JIT inlining
#8099 [ji] fix java_import when constant exists in Object
#8100 Extra splat instr which did nothing
#8101 Flip File.identical? logic to try native first
#8102 Update reline to 0.4.2
#8103 Prism pluggable integration work
#8105 Update JNR dependencies
#8107 update jruby-openssl to 0.14.3
#8108 fix undef_method error message
#8109 Simple error string mismatch. Also corrected for m17n naming to
prin…
#8110 Re-arrange indexerror string when matching group name cannot be
found
#8111 NameError and NoMethodError should be dup’ing receiver
--
blog: http://blog.enebo.com twitter: tom_enebo
mail: tom.enebo(a)gmail.com
The JRuby community is pleased to announce the release of JRuby 9.3.14.0
- Homepage: https://www.jruby.org/
- Download: https://www.jruby.org/download
JRuby 9.3.x is compatible with Ruby 2.6.x and stays in sync with C Ruby. As
always there is a mix of miscellaneous fixes so be sure to read the issue
list below.
Ruby Compatibility
- IO#fcntl had inverted logic for setting O_NONBLOCK (setting it cleared
the value, etc). #8081, #8090
Standard Library
- strscan is updated to the 3.1.0 version #8086
Native Integration
- The subsystem used for native calls has been updated to support
RHEL/CentOS 7 and the Java 9+ Cleaner API. #8104 Note: Due to a mistake in
the release process 9.3.12.0 released yesterday only changed in version
number. It was essentially 9.3.11.0 with a new version.
5 Github Issues resolved for 9.3.14.0
#8081 IO#fcntl logic for F_SETFL, O_NONBLOCK is inverted
#8086 Update strscan for 9.3
#8089 Update strscan from gem v3.1.0
#8090 Invert this logic to match O_NONBLOCK flag
#8104 Update JNR dependencies
--
blog: http://blog.enebo.com twitter: tom_enebo
mail: tom.enebo(a)gmail.com
minitest version 5.22.2 has been released!
* home: <https://github.com/minitest/minitest>
* bugs: <https://github.com/minitest/minitest/issues>
* rdoc: <https://docs.seattlerb.org/minitest>
* clog: <https://github.com/minitest/minitest/blob/master/History.rdoc>
* vim: <https://github.com/sunaku/vim-ruby-minitest>
* emacs: <https://github.com/arthurnn/minitest-emacs>
minitest provides a complete suite of testing facilities supporting
TDD, BDD, mocking, and benchmarking.
"I had a class with Jim Weirich on testing last week and we were
allowed to choose our testing frameworks. Kirk Haines and I were
paired up and we cracked open the code for a few test
frameworks...
I MUST say that minitest is *very* readable / understandable
compared to the 'other two' options we looked at. Nicely done and
thank you for helping us keep our mental sanity."
-- Wayne E. Seguin
minitest/test is a small and incredibly fast unit testing framework.
It provides a rich set of assertions to make your tests clean and
readable.
minitest/spec is a functionally complete spec engine. It hooks onto
minitest/test and seamlessly bridges test assertions over to spec
expectations.
minitest/benchmark is an awesome way to assert the performance of your
algorithms in a repeatable manner. Now you can assert that your newb
co-worker doesn't replace your linear algorithm with an exponential
one!
minitest/mock by Steven Baker, is a beautifully tiny mock (and stub)
object framework.
minitest/pride shows pride in testing and adds coloring to your test
output. I guess it is an example of how to write IO pipes too. :P
minitest/test is meant to have a clean implementation for language
implementors that need a minimal set of methods to bootstrap a working
test suite. For example, there is no magic involved for test-case
discovery.
"Again, I can't praise enough the idea of a testing/specing
framework that I can actually read in full in one sitting!"
-- Piotr Szotkowski
Comparing to rspec:
rspec is a testing DSL. minitest is ruby.
-- Adam Hawkins, "Bow Before MiniTest"
minitest doesn't reinvent anything that ruby already provides, like:
classes, modules, inheritance, methods. This means you only have to
learn ruby to use minitest and all of your regular OO practices like
extract-method refactorings still apply.
Changes:
### 5.22.2 / 2024-02-07
* 1 bug fix:
* Third time's a charm? Remember: 'ensure' is almost always the
wrong way to go (for results... it's great for cleaning up).