Bump nokogiri from 1.13.9 to 1.13.10 #40
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
|
Seems to fail in CI like this:
I'm really sick and tired of this website being maintained with Jekyll TBH; we should spend the time to convert it to sitegen instead: #26 |
The underlying cause is probably the change from Ubuntu 20.04 in e.g. https://github.com/perlun/perlun.eu.org/actions/runs/3535409818 to 22.04 in the CI job in this PR: https://github.com/perlun/perlun.eu.org/actions/runs/3645334300/jobs/6155393582. This change dropped Python 2.7 support entirely. We'll probably need to figure out a way to make (Or wait, can we just revert the Actions CI image to Ubuntu 20.04? Maybe we can. We seem to have specified |
I think I fixed this in 81254d8. The commit message has lots more details there. |
|
@dependabot rebase |
|
Superseded by #43. |
|
@dependabot reopen #43 doesn't work for us since we still use Ruby 2.6. |
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.9 to 1.13.10. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.13.9...v1.13.10) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/bundler/nokogiri-1.13.10
branch
from
2b556af to
60a7041
Compare
This paves the way for #40. We could outright upgrade Nokogiri in this PR, but I'll let Dependabot take the credit for that since it was the one who prompted the upgrade in the first place. :) The problem with #40 as it currently stands is that it tries to use Nokogiri 1.16.0, which has dropped both Ruby 2.6 support (in 1.14.0) and Ruby 2.7 (in 1.16.0). Both of these Ruby versions have reached EOL, so we should certainly upgrade our Ruby version as well but let's begin with addressing these security-related PRs first.
This paves the way for #40. We could outright upgrade Nokogiri in this PR, but I'll let Dependabot take the credit for that since it was the one who prompted the upgrade in the first place. :) The problem with #40 as it currently stands is that it tries to use Nokogiri 1.16.0, which has dropped both Ruby 2.6 support (in 1.14.0) and Ruby 2.7 (in 1.16.0). Both of these Ruby versions have reached EOL, so we should certainly upgrade our Ruby version as well but let's begin with addressing these security-related PRs first.
This paves the way for #40. We could outright upgrade Nokogiri in this PR, but I'll let Dependabot take the credit for that since it was the one who prompted the upgrade in the first place. :) The problem with #40 as it currently stands is that it tries to use Nokogiri 1.16.0, which has dropped both Ruby 2.6 support (in 1.14.0) and Ruby 2.7 (in 1.16.0). Both of these Ruby versions have reached EOL, so we should certainly upgrade our Ruby version as well but let's begin with addressing these security-related PRs first.
|
@dependabot rebase |
|
@dependabot recreate |
|
Btw, regarding this comment:
I am not fully convinced about this part. Sitegen can perhaps be useful for some cases, but... isn't it easier to just use something more "mainstream" when we can? Also, I'm using some fairly advanced features in Jekyll here: perlun.eu.org/_includes/category/programming.md Lines 138 to 145 in f9db825 Maybe it's just easiest to stick with Jekyll for this web site for the time being. 🤔 I should perhaps aggregate this comment + some of these other comments + the details from 81254d8 into a proper issue, to improve discoverability. |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps nokogiri from 1.13.9 to 1.13.10.
Release notes
Sourced from nokogiri's releases.
Changelog
Sourced from nokogiri's changelog.
Commits
4c80121version bump to v1.13.1085410e3Merge pull request #2715 from sparklemotion/flavorjones-fix-reader-error-hand...9fe0761fix(cruby): XML::Reader#attribute_hash returns nil on error3b9c736Merge pull request #2717 from sparklemotion/flavorjones-lock-psych-to-fix-bui...2efa87btest: skip large cdata test on system libxml23187d67dep(dev): pin psych to v4 until v5 builds in CIa16b4bfstyle(rubocop): disable Minitest/EmptyLineBeforeAssertionMethodsYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.