Skip to content

chore(deps): bump the dependencies group across 1 directory with 2 updates#3623

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/dependencies-731b4efbe0
Open

chore(deps): bump the dependencies group across 1 directory with 2 updates#3623
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bundler/dependencies-731b4efbe0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps the dependencies group with 2 updates in the / directory: nokogiri and html-proofer.

Updates nokogiri from 1.19.0 to 1.19.2

Release notes

Sourced from nokogiri's releases.

v1.19.2 / 2026-03-19

Dependencies

  • [JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. #3611 @​flavorjones

SHA256 Checksums

c34d5c8208025587554608e98fd88ab125b29c80f9352b821964e9a5d5cfbd19  nokogiri-1.19.2-aarch64-linux-gnu.gem
7f6b4b0202d507326841a4f790294bf75098aef50c7173443812e3ac5cb06515  nokogiri-1.19.2-aarch64-linux-musl.gem
b7fa1139016f3dc850bda1260988f0d749934a939d04ef2da13bec060d7d5081  nokogiri-1.19.2-arm-linux-gnu.gem
61114d44f6742ff72194a1b3020967201e2eb982814778d130f6471c11f9828c  nokogiri-1.19.2-arm-linux-musl.gem
58d8ea2e31a967b843b70487a44c14c8ba1866daa1b9da9be9dbdf1b43dee205  nokogiri-1.19.2-arm64-darwin.gem
e9d67034bc80ca71043040beea8a91be5dc99b662daa38a2bfb361b7a2cc8717  nokogiri-1.19.2-java.gem
8ccf25eea3363a2c7b3f2e173a3400582c633cfead27f805df9a9c56d4852d1a  nokogiri-1.19.2-x64-mingw-ucrt.gem
7d9af11fda72dfaa2961d8c4d5380ca0b51bc389dc5f8d4b859b9644f195e7a4  nokogiri-1.19.2-x86_64-darwin.gem
fa8feca882b73e871a9845f3817a72e9734c8e974bdc4fbad6e4bc6e8076b94f  nokogiri-1.19.2-x86_64-linux-gnu.gem
93128448e61a9383a30baef041bf1f5817e22f297a1d400521e90294445069a8  nokogiri-1.19.2-x86_64-linux-musl.gem
38fdd8b59db3d5ea9e7dfb14702e882b9bf819198d5bf976f17ebce12c481756  nokogiri-1.19.2.gem

Full Changelog: sparklemotion/nokogiri@v1.19.1...v1.19.2

v1.19.1 / 2026-02-16

Security

cfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem
1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem
0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem
3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem
dfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem
1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem
110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem
7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem
1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem
4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem
598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem
Changelog

Sourced from nokogiri's changelog.

v1.19.2 / 2026-03-19

Dependencies

  • [JRuby] Saxon-HE is updated to 12.7, from 9.6.0-4. Saxon-HE is a transitive dependency of nu.validator:jing, and this update addresses CVEs in Saxon-HE's own transitive dependencies JDOM and dom4j. We don't think this warrants a security release, however we're cutting a patch release to help users whose security scanners are flagging this. #3611 @​flavorjones

v1.19.1 / 2026-02-16

Security

Commits
  • 6f5d025 version bump to v1.19.2
  • 6d4677f dep: upgrade Saxon-HE from 9.6.0-4 to 12.7 [v1.19.x backport] (#3614)
  • acf9527 dep: upgrade Saxon-HE from 9.6.0-4 to 12.7
  • b42e620 Skip compressed file SAX test on libxml2 >= 2.15
  • d913045 version bump to v1.19.1
  • b81cb98 doc: update CHANGELOG for upcoming v1.19.1
  • 8e66809 C14n raise on failure (#3600)
  • 5b77f3d Raise RuntimeError when canonicalization fails
  • edc5595 Thank sponsors in the README
  • d4dc245 dep: update rdoc to v7
  • See full diff in compare view

Updates html-proofer from 5.2.0 to 5.2.1

Release notes

Sourced from html-proofer's releases.

v5.2.1

What's Changed

New Contributors

Full Changelog: gjtorikian/html-proofer@v5.2.0...v5.2.1

Changelog

Sourced from html-proofer's changelog.

[v5.2.1] - 29-03-2026

What's Changed

New Contributors

Full Changelog: gjtorikian/html-proofer@v5.2.0...v5.2.1

Commits
  • 68a8936 Merge pull request #874 from gjtorikian/release/v5.2.1
  • e78eb51 [skip test] update changelog
  • 53a456f Merge pull request #873 from ZoeLeBlanc/fix-internal-hash-validation
  • 3bb7947 bump to 5.2.1
  • dc3907c correct rubocop again
  • f0e8f8c correct Rubocop issues
  • 06d6fe4 Revert "Fix Rubocop offenses"
  • 07495d8 Fix Rubocop offenses
  • 68b1812 Add test for hash validation on index URLs
  • 1e53fb0 Fix XPath syntax errors and hash validation false positives
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the dependencies group across 1 directory with 2 up…
e522d23 
…dates

Bumps the dependencies group with 2 updates in the / directory: [nokogiri](https://github.com/sparklemotion/nokogiri) and [html-proofer](https://github.com/gjtorikian/html-proofer).


Updates `nokogiri` from 1.19.0 to 1.19.2
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.0...v1.19.2)

Updates `html-proofer` from 5.2.0 to 5.2.1
- [Release notes](https://github.com/gjtorikian/html-proofer/releases)
- [Changelog](https://github.com/gjtorikian/html-proofer/blob/main/CHANGELOG.md)
- [Commits](gjtorikian/html-proofer@v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-version: 1.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: html-proofer
  dependency-version: 5.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies ruby Pull requests that update Ruby code labels Mar 30, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 30, 2026 04:37
@dependabot dependabot bot added dependencies ruby Pull requests that update Ruby code labels Mar 30, 2026
@dependabot dependabot bot temporarily deployed to Pages Preview March 30, 2026 04:37 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies ruby Pull requests that update Ruby code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants