Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump loofah from 2.20.0 to 2.21.2 #3340

Merged
merged 1 commit into from
May 13, 2023
Merged

Bump loofah from 2.20.0 to 2.21.2 #3340

merged 1 commit into from
May 13, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 12, 2023

Bumps loofah from 2.20.0 to 2.21.2.

Release notes

Sourced from loofah's releases.

2.21.2 / 2023-05-11

Dependencies

  • Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]

2.21.1 / 2023-05-10

Fixed

  • Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

  • Loofah.html5_document
  • Loofah.html5_fragment
  • Loofah.scrub_html5_document
  • Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

⚠ HTML5 functionality is not available for JRuby. Please see this upstream Nokogiri issue if you're interested in helping implement and support HTML5 support.

Loofah::HTML4 module and namespace

Loofah::HTML has been renamed to Loofah::HTML4, and Loofah::HTML is aliased to preserve backwards-compatibility. Nokogiri::HTML and Nokogiri::HTML4 parse methods still use libxml2's (or NekoHTML's) HTML4 parser.

Take special note that if you rely on the class name of an object in your code, objects will now report a class of Loofah::HTML4::Foo where they previously reported Loofah::HTML::Foo. Instead of relying on the string returned by Object#class, prefer Class#=== or Object#is_a? or Object#instance_of?.

Future releases of Nokogiri may deprecate HTML classes and methods or otherwise change this behavior, so please start using HTML4 in place of HTML.

Official support for JRuby

This version introduces official support for JRuby. Previously, the test suite had never been green due to differences in behavior in the underlying HTML parser used by Nokogiri. We've updated the test suite to accommodate those differences, and have added JRuby to the CI suite.

2.21.0.rc1 / 2023-04-02

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

... (truncated)

Changelog

Sourced from loofah's changelog.

2.21.2 / 2023-05-11

Dependencies

  • Update the dependency on Nokogiri to be >= 1.12.0. The dependency in 2.21.0 and 2.21.1 was left at >= 1.5.9 but versions before 1.12 would result in a NameError exception. [#266]

2.21.1 / 2023-05-10

Fixed

  • Don't define HTML5::Document and HTML5::DocumentFragment when Nokogiri is < 1.14. In 2.21.0 these classes were defined whenever Nokogiri::HTML5 was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly.

2.21.0 / 2023-05-10

HTML5 Support

Classes Loofah::HTML5::Document and Loofah::HTML5::DocumentFragment are introduced, along with helper methods:

  • Loofah.html5_document
  • Loofah.html5_fragment
  • Loofah.scrub_html5_document
  • Loofah.scrub_html5_fragment

These classes and methods use Nokogiri's HTML5 parser to ensure modern web standards are used.

⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher.

⚠ HTML5 functionality is not available for JRuby. Please see this upstream Nokogiri issue if you're interested in helping implement and support HTML5 support.

Loofah::HTML4 module and namespace

Loofah::HTML has been renamed to Loofah::HTML4, and Loofah::HTML is aliased to preserve backwards-compatibility. Nokogiri::HTML and Nokogiri::HTML4 parse methods still use libxml2's (or NekoHTML's) HTML4 parser.

Take special note that if you rely on the class name of an object in your code, objects will now report a class of Loofah::HTML4::Foo where they previously reported Loofah::HTML::Foo. Instead of relying on the string returned by Object#class, prefer Class#=== or Object#is_a? or Object#instance_of?.

Future releases of Nokogiri may deprecate HTML classes and methods or otherwise change this behavior, so please start using HTML4 in place of HTML.

Official support for JRuby

This version introduces official support for JRuby. Previously, the test suite had never been green due to differences in behavior in the underlying HTML parser used by Nokogiri. We've updated the test suite to accommodate those differences, and have added JRuby to the CI suite.

Commits
  • 712067b version bump to v2.21.2
  • 95fcecb Merge pull request #267 from flavorjones/flavorjones-fix-nokogiri-dep
  • 0fc8515 dep: require nokogiri >= 1.12.0
  • bb6653d version bump to v2.21.1
  • f874431 Merge pull request #265 from flavorjones/flavorjones-test-with-old-nokogiri
  • d2744d4 doc: better exception when HTML5 functionality isn't supported
  • 730c135 fix: don't define HTML5 doc and frag classes when not supported
  • a9b51f4 version bump to v2.21.0
  • 5f7efdb Merge pull request #264 from flavorjones/flavorjones-support-libxml-2.10.4
  • d7efe5e test: support libxml 2.10.4 behavior around namespaces
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump loofah from 2.20.0 to 2.21.2
621c43e 
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.20.0 to 2.21.2.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](flavorjones/loofah@v2.20.0...v2.21.2)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies ruby Pull requests that update Ruby code labels May 12, 2023
@dependabot dependabot bot mentioned this pull request May 12, 2023
Closed
CloCkWeRX
CloCkWeRX approved these changes May 13, 2023
View reviewed changes
Copy link
Collaborator

@CloCkWeRX CloCkWeRX left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot dependabot bot merged commit d9e2a24 into dev May 13, 2023
5 checks passed
@dependabot dependabot bot deleted the dependabot/bundler/loofah-2.21.2 branch May 13, 2023 05:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CloCkWeRX CloCkWeRX CloCkWeRX approved these changes

Assignees
No one assigned
Labels
dependencies ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@CloCkWeRX