build(deps): bump nokogiri from 1.19.2 to 1.19.3 in /docs/v3 #5074

Merged
philippthun merged 1 commit into main from dependabot/bundler/docs/v3/nokogiri-1.19.3
May 5, 2026

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps nokogiri from 1.19.2 to 1.19.3.

Release notes

Sourced from nokogiri's releases.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
Changelog

Sourced from nokogiri's changelog.

v1.19.3 / 2026-04-27

Fixed / Security

  • Address exponential regex backtracking in CSS selector tokenizer. See GHSA-c4rq-3m3g-8wgx for more information.
  • [CRuby] Address memory leak in XSLT::Stylesheet#transform. See GHSA-v2fc-qm4h-8hqv for more information.
Commits
  • c139a3d version bump to v1.19.3
  • 7501a63 fix: backtracking in CSS tokenizer rules (v1.19.x backport) (#3627)
  • 03e7968 test: skip CSS tokenizer benchmarks on JRuby
  • b984b7e fix: ReDoS in CSS tokenizer ident rule
  • 0092623 fix: ReDoS in CSS tokenizer STRING rule
  • ee17d33 fix: memory leak in XSLT transform (backport to v1.19.x) (#3624)
  • ce188a3 doc: update CHANGELOG
  • caeaac4 fix: memory leak in XSLT transform
  • 25220bf dep(test): test against libxml-ruby v6 (#3618)
  • 0caeb21 doc: add security warnings for untrusted XSLT stylesheets
  • See full diff in compare view

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.19.2 to 1.19.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.2...v1.19.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-version: 1.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies (Pull requests that update a dependency file) and ruby (Pull requests that update Ruby code) labels on May 1, 2026

philippthun merged commit 29c25dc into main on May 5, 2026

6 checks passed

philippthun deleted the dependabot/bundler/docs/v3/nokogiri-1.19.3 branch on May 5, 2026 11:56

ari-wg-gitbot added a commit to cloudfoundry/capi-release that referenced this pull request on May 5, 2026:

Changes in cloud_controller_ng:

- Remove unnecessary explicit adapter requires from monkeypatch
    PR: cloudfoundry/cloud_controller_ng#5086
    Author: Philipp Thun <philipp.thun@sap.com>

Dependency updates in cloud_controller_ng:

- build(deps): bump rubyzip from 3.2.2 to 3.3.0
    PR: cloudfoundry/cloud_controller_ng#5081
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- build(deps): bump rake from 13.3.1 to 13.4.2 in /docs/v3
    PR: cloudfoundry/cloud_controller_ng#5075
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- build(deps): bump nokogiri from 1.19.2 to 1.19.3 in /docs/v3
    PR: cloudfoundry/cloud_controller_ng#5074
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- build(deps): bump minitest from 6.0.5 to 6.0.6
    PR: cloudfoundry/cloud_controller_ng#5077
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- build(deps): bump mini_racer from 0.20.0 to 0.21.0 in /docs/v3
    PR: cloudfoundry/cloud_controller_ng#5073
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- build(deps): bump json from 2.19.3 to 2.19.4 in /docs/v3
    PR: cloudfoundry/cloud_controller_ng#5076
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- build(deps-dev): bump spring from 4.4.2 to 4.5.0
    PR: cloudfoundry/cloud_controller_ng#5078
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

- build(deps): bump sequel from 5.103.0 to 5.104.0
    PR: cloudfoundry/cloud_controller_ng#5082
    Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>