nokogiri 1.16.0.rc1 → 1.16.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edb35060c35ecf55ba01f20e731bb2a7866377ee2e06ef97ea6f3a7e5a1ef450
-  data.tar.gz: c698841274ac4d10a894ac456bba6535a7825ed7a836bfbd27fe91b1734c7438
+  metadata.gz: da609d95e9ec1de75acd8ff2b8ef217b23df9431a17c5d37d8968f90bcbd6f5b
+  data.tar.gz: a9573dc8e6cbd63f97104651f38c9bfa06549eab4d77c602dedba2094adc320f
 SHA512:
-  metadata.gz: 2e6907cf3ffe729da72be3ba21cf8af21e2fd448631572713fec65bd37ab2cfec290067f1c8ea3e00564d5b6b4eb1b7c63beb9b8bbeba3a1518599d11023cd84
-  data.tar.gz: 7cdcc4e33d7ee32de3074ed49a55c97f55763ec6f2ab01076cd2712bd07d7df19cb292981435248b6d3fb85741ed78fd4ddcc913b9b565e5e963c38ff3091968
+  metadata.gz: ceb8cb32c790d4f3b9162bc86169373c8b7084e15e7ca9991712aed69f495e8a9e58480e94536fae3072d4b0bb9ee5e553367bb41e896087e24073e667650969
+  data.tar.gz: '094a214ed1c7a5462a6ae2fbc73b0247496e1dd0dcc9542fd5db5cee87a5916776f1f1adb3c04af858fd8d7722cc19473dbde560f483ab3a0efcd9c881fe96ff'

data/Gemfile

@@ -5,30 +5,36 @@ source "https://rubygems.org"
 gemspec
 
 group :development do
+  # ruby 3.4.0-dev removed some gems from the default set
+  #
+  # TODO: we should be able to remove these as our gem dependencies sort it out and we pull them in
+  # transitively.
+  gem "mutex_m"
+
   # bootstrapping
   gem "bundler", "~> 2.3"
   gem "rake", "13.1.0"
 
   # building extensions
-  gem "rake-compiler", "1.2.5"
-  gem "rake-compiler-dock", "1.4.0.rc2"
+  gem "rake-compiler", "1.2.6"
+  gem "rake-compiler-dock", "1.4.0"
 
   # parser generator
   gem "rexical", "= 1.0.7"
 
   # tests
-  gem "minitest", "5.20.0"
+  gem "minitest", "5.21.2"
   gem "minitest-parallel_fork", "2.0.0"
-  gem "ruby_memcheck", "2.2.1"
+  gem "ruby_memcheck", "2.3.0"
   gem "rubyzip", "~> 2.3.2"
   gem "simplecov", "= 0.21.2"
 
   # rubocop
   if Gem::Requirement.new("~> 3.0").satisfied_by?(Gem::Version.new(RUBY_VERSION))
-    gem "rubocop", "1.58.0"
-    gem "rubocop-minitest", "0.33.0"
+    gem "rubocop", "1.60.2"
+    gem "rubocop-minitest", "0.34.5"
     gem "rubocop-packaging", "0.5.2"
-    gem "rubocop-performance", "1.19.1"
+    gem "rubocop-performance", "1.20.2"
     gem "rubocop-rake", "= 0.6.0"
     gem "rubocop-shopify", "2.14.0"
   end
@@ -38,5 +44,5 @@ end
 # `bundle config set --local without rdoc`
 # Then re-run `bundle install`.
 group :rdoc do
-  gem "rdoc", "6.6.1"
+  gem "rdoc", "6.6.2"
 end

data/README.md

@@ -55,6 +55,7 @@ There are a few ways to ask exploratory questions:
 
 - The Nokogiri mailing list is active at https://groups.google.com/group/nokogiri-talk
 - Open an issue using the "Help Request" template at https://github.com/sparklemotion/nokogiri/issues
+- Open a discussion at https://github.com/sparklemotion/nokogiri/discussions
 
 Please do not mail the maintainers at their personal addresses.
 
@@ -90,6 +91,8 @@ We bump `Major.Minor.Patch` versions following this guidance:
 - Updating packaged libraries for non-security-related reasons.
 - Dropping support for EOLed Ruby versions. [Some folks find this objectionable](https://github.com/sparklemotion/nokogiri/issues/1568), but [SemVer says this is OK if the public API hasn't changed](https://semver.org/#what-should-i-do-if-i-update-my-own-dependencies-without-changing-the-public-api).
 - Backwards-incompatible changes to internal or private methods and constants. These are detailed in the "Changes" section of each changelog entry.
+- Removal of deprecated methods or parameters, after a generous transition period; usually when those methods or parameters are rarely-used or dangerous to the user. Essentially, removals that do not justify a major version bump.
+
 
 `Patch`:
 

data/dependencies.yml

@@ -1,8 +1,8 @@
 
 libxml2:
-  version: "2.12.3"
-  sha256: "8c8f1092340a89ff32bc44ad5c9693aff9bc8a7a3e161bb239666e5d15ac9aaa"
-  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.3.sha256sum
+  version: "2.12.4"
+  sha256: "497360e423cf0bd99eacdb7c6215dea92e6d6e89ee940393c2bae0e77cb9b7d0"
+  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.4.sha256sum
 
 libxslt:
   version: "1.1.39"

data/ext/nokogiri/xml_document.c

@@ -74,8 +74,10 @@ dealloc(void *data)
 
   ruby_xfree(doc->_private);
 
+#if defined(__GNUC__) && __GNUC__ >= 5
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations" // xmlDeregisterNodeDefault is deprecated as of libxml2 2.11.0
+#endif
   /*
    * libxml-ruby < 3.0.0 uses xmlDeregisterNodeDefault. If the user is using one of those older
    * versions, the registered callback from libxml-ruby will access the _private pointers set by
@@ -90,7 +92,9 @@ dealloc(void *data)
   if (xmlDeregisterNodeDefaultValue) {
     remove_private((xmlNodePtr)doc);
   }
+#if defined(__GNUC__) && __GNUC__ >= 5
 #pragma GCC diagnostic pop
+#endif
 
   xmlFreeDoc(doc);
 }

data/ext/nokogiri/xml_reader.c

@@ -5,8 +5,14 @@ VALUE cNokogiriXmlReader;
 static void
 xml_reader_deallocate(void *data)
 {
+  // free the document separately because we _may_ have triggered preservation by calling
+  // xmlTextReaderCurrentDoc during a read_more.
   xmlTextReaderPtr reader = data;
+  xmlDocPtr doc = xmlTextReaderCurrentDoc(reader);
   xmlFreeTextReader(reader);
+  if (doc) {
+    xmlFreeDoc(doc);
+  }
 }
 
 static const rb_data_type_t xml_reader_type = {
@@ -515,6 +521,7 @@ read_more(VALUE self)
   xmlErrorConstPtr error;
   VALUE error_list;
   int ret;
+  xmlDocPtr c_document;
 
   TypedData_Get_Struct(self, xmlTextReader, &xml_reader_type, reader);
 
@@ -524,6 +531,16 @@ read_more(VALUE self)
   ret = xmlTextReaderRead(reader);
   xmlSetStructuredErrorFunc(NULL, NULL);
 
+  c_document = xmlTextReaderCurrentDoc(reader);
+  if (c_document && c_document->encoding == NULL) {
+    VALUE constructor_encoding = rb_iv_get(self, "@encoding");
+    if (RTEST(constructor_encoding)) {
+      c_document->encoding = xmlStrdup(BAD_CAST StringValueCStr(constructor_encoding));
+    } else {
+      c_document->encoding = xmlStrdup(BAD_CAST "UTF-8");
+    }
+  }
+
   if (ret == 1) { return self; }
   if (ret == 0) { return Qnil; }
 
@@ -707,15 +724,18 @@ rb_xml_reader_encoding(VALUE rb_reader)
   const char *parser_encoding;
   VALUE constructor_encoding;
 
+  TypedData_Get_Struct(rb_reader, xmlTextReader, &xml_reader_type, c_reader);
+  parser_encoding = (const char *)xmlTextReaderConstEncoding(c_reader);
+  if (parser_encoding) {
+    return NOKOGIRI_STR_NEW2(parser_encoding);
+  }
+
   constructor_encoding = rb_iv_get(rb_reader, "@encoding");
   if (RTEST(constructor_encoding)) {
     return constructor_encoding;
   }
 
-  TypedData_Get_Struct(rb_reader, xmlTextReader, &xml_reader_type, c_reader);
-  parser_encoding = (const char *)xmlTextReaderConstEncoding(c_reader);
-  if (parser_encoding == NULL) { return Qnil; }
-  return NOKOGIRI_STR_NEW2(parser_encoding);
+  return Qnil;
 }
 
 void

data/ext/nokogiri/xml_sax_parser_context.c

@@ -59,6 +59,10 @@ parse_io(VALUE klass, VALUE io, VALUE encoding)
                                (xmlInputReadCallback)noko_io_read,
                                (xmlInputCloseCallback)noko_io_close,
                                (void *)io, enc);
+  if (!ctxt) {
+    rb_raise(rb_eRuntimeError, "failed to create xml sax parser context");
+  }
+
   if (ctxt->sax) {
     xmlFree(ctxt->sax);
     ctxt->sax = NULL;

data/ext/nokogiri/xslt_stylesheet.c

@@ -71,7 +71,12 @@ Nokogiri_wrap_xslt_stylesheet(xsltStylesheetPtr ss)
  * call-seq:
  *   parse_stylesheet_doc(document)
  *
- * Parse a stylesheet from +document+.
+ * Parse an XSLT::Stylesheet from +document+.
+ *
+ * [Parameters]
+ * - +document+ (Nokogiri::XML::Document) the document to be parsed.
+ *
+ * [Returns] Nokogiri::XSLT::Stylesheet
  */
 static VALUE
 parse_stylesheet_doc(VALUE klass, VALUE xmldocobj)
@@ -104,7 +109,7 @@ parse_stylesheet_doc(VALUE klass, VALUE xmldocobj)
  * call-seq:
  *   serialize(document)
  *
- * Serialize +document+ to an xml string.
+ * Serialize +document+ to an xml string, as specified by the +method+ parameter in the Stylesheet.
  */
 static VALUE
 rb_xslt_stylesheet_serialize(VALUE self, VALUE xmlobj)
@@ -133,7 +138,7 @@ rb_xslt_stylesheet_serialize(VALUE self, VALUE xmlobj)
  *   transform(document)
  *   transform(document, params = {})
  *
- * Apply an XSLT stylesheet to an XML::Document.
+ * Transform an XML::Document as defined by an XSLT::Stylesheet.
  *
  * [Parameters]
  * - +document+ (Nokogiri::XML::Document) the document to be transformed.

data/gumbo-parser/Makefile

@@ -13,6 +13,9 @@ LDFLAGS := -pthread
 
 all: check
 
+oss-fuzz:
+	./fuzzer/build-ossfuzz.sh
+
 fuzzers: fuzzer-normal fuzzer-asan fuzzer-ubsan fuzzer-msan
 
 fuzzer-normal:

data/gumbo-parser/src/parser.c

@@ -4826,14 +4826,17 @@ GumboOutput* gumbo_parse_with_options (
       // to a token.
       if (token.type == GUMBO_TOKEN_END_TAG &&
           token.v.end_tag.tag == GUMBO_TAG_UNKNOWN)
+      {
         gumbo_free(token.v.end_tag.name);
+        token.v.end_tag.name = NULL;
+      }
+      if (unlikely(state->_open_elements.length > max_tree_depth)) {
+        parser._output->status = GUMBO_STATUS_TREE_TOO_DEEP;
+        gumbo_debug("Tree depth limit exceeded.\n");
+        break;
+      }
     }
 
-    if (unlikely(state->_open_elements.length > max_tree_depth)) {
-      parser._output->status = GUMBO_STATUS_TREE_TOO_DEEP;
-      gumbo_debug("Tree depth limit exceeded.\n");
-      break;
-    }
 
     ++loop_count;
     assert(loop_count < 1000000000UL);

data/lib/nokogiri/version/constant.rb

@@ -2,5 +2,5 @@
 
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = "1.16.0.rc1"
+  VERSION = "1.16.1"
 end

data/lib/nokogiri/xml/node.rb

@@ -1049,29 +1049,35 @@ module Nokogiri
 
         return Nokogiri::XML::NodeSet.new(document) if contents.empty?
 
-        # libxml2 does not obey the +recover+ option after encountering errors during +in_context+
-        # parsing, and so this horrible hack is here to try to emulate recovery behavior.
-        #
-        # Unfortunately, this means we're no longer parsing "in context" and so namespaces that
-        # would have been inherited from the context node won't be handled correctly. This hack was
-        # written in 2010, and I regret it, because it's silently degrading functionality in a way
-        # that's not easily prevented (or even detected).
-        #
-        # I think preferable behavior would be to either:
-        #
-        # a. add an error noting that we "fell back" and pointing the user to turning off the +recover+ option
-        # b. don't recover, but raise a sensible exception
-        #
-        # For context and background: https://github.com/sparklemotion/nokogiri/issues/313
-        # FIXME bug report: https://github.com/sparklemotion/nokogiri/issues/2092
         error_count = document.errors.length
         node_set = in_context(contents, options.to_i)
-        if node_set.empty? && (document.errors.length > error_count)
-          if options.recover?
+        if document.errors.length > error_count
+          raise document.errors[error_count] unless options.recover?
+
+          if node_set.empty?
+            # libxml2 < 2.13 does not obey the +recover+ option after encountering errors during
+            # +in_context+ parsing, and so this horrible hack is here to try to emulate recovery
+            # behavior.
+            #
+            # (Note that HTML4 fragment parsing seems to have been fixed in abd74186, and XML
+            # fragment parsing is fixed in 1c106edf. Both are in 2.13.)
+            #
+            # Unfortunately, this means we're no longer parsing "in context" and so namespaces that
+            # would have been inherited from the context node won't be handled correctly. This hack
+            # was written in 2010, and I regret it, because it's silently degrading functionality in
+            # a way that's not easily prevented (or even detected).
+            #
+            # I think preferable behavior would be to either:
+            #
+            # a. add an error noting that we "fell back" and pointing the user to turning off the
+            #    +recover+ option
+            # b. don't recover, but raise a sensible exception
+            #
+            # For context and background:
+            # - https://github.com/sparklemotion/nokogiri/issues/313
+            # - https://github.com/sparklemotion/nokogiri/issues/2092
             fragment = document.related_class("DocumentFragment").parse(contents)
             node_set = fragment.children
-          else
-            raise document.errors[error_count]
           end
         end
         node_set

data/lib/nokogiri/xml/reader.rb

@@ -3,9 +3,11 @@
 module Nokogiri
   module XML
     ###
-    # Nokogiri::XML::Reader parses an XML document similar to the way a cursor
-    # would move.  The Reader is given an XML document, and yields nodes
-    # to an each block.
+    # Nokogiri::XML::Reader parses an XML document similar to the way a cursor would move. The
+    # Reader is given an XML document, and yields nodes to an each block.
+    #
+    # The Reader parser might be good for when you need the speed and low memory usage of the SAX
+    # parser, but do not want to write a Document handler.
     #
     # Here is an example of usage:
     #
@@ -22,13 +24,12 @@ module Nokogiri
     #
     #     end
     #
-    # Note that Nokogiri::XML::Reader#each can only be called once!!  Once
-    # the cursor moves through the entire document, you must parse the
-    # document again.  So make sure that you capture any information you
-    # need during the first iteration.
+    # ⚠ Nokogiri::XML::Reader#each can only be called once! Once the cursor moves through the entire
+    # document, you must parse the document again. It may be better to capture all information you
+    # need during a single iteration.
     #
-    # The Reader parser is good for when you need the speed of a SAX parser,
-    # but do not want to write a Document handler.
+    # ⚠ libxml2 does not support error recovery in the Reader parser. The `RECOVER` ParseOption is
+    # ignored. If a syntax error is encountered during parsing, an exception will be raised.
     class Reader
       include Enumerable
 

data/lib/nokogiri/xslt/stylesheet.rb

@@ -10,15 +10,37 @@ module Nokogiri
     #   doc   = Nokogiri::XML(File.read('some_file.xml'))
     #   xslt  = Nokogiri::XSLT(File.read('some_transformer.xslt'))
     #
-    #   puts xslt.transform(doc)
+    #   xslt.transform(doc) # => Nokogiri::XML::Document
     #
-    # See Nokogiri::XSLT::Stylesheet#transform for more transformation
-    # information.
+    # Many XSLT transformations include serialization behavior to emit a non-XML document. For these
+    # cases, please take care to invoke the #serialize method on the result of the transformation:
+    #
+    #   doc   = Nokogiri::XML(File.read('some_file.xml'))
+    #   xslt  = Nokogiri::XSLT(File.read('some_transformer.xslt'))
+    #   xslt.serialize(xslt.transform(doc)) # => String
+    #
+    # or use the #apply_to method, which is a shortcut for `serialize(transform(document))`:
+    #
+    #   doc   = Nokogiri::XML(File.read('some_file.xml'))
+    #   xslt  = Nokogiri::XSLT(File.read('some_transformer.xslt'))
+    #   xslt.apply_to(doc) # => String
+    #
+    # See Nokogiri::XSLT::Stylesheet#transform for more information and examples.
     class Stylesheet
-      ###
-      # Apply an XSLT stylesheet to an XML::Document.
-      # +params+ is an array of strings used as XSLT parameters.
-      # returns serialized document
+      # :call-seq:
+      #   apply_to(document, params = []) -> String
+      #
+      # Apply an XSLT stylesheet to an XML::Document and serialize it properly. This method is
+      # equivalent to calling #serialize on the result of #transform.
+      #
+      # [Parameters]
+      # - +document+ is an instance of XML::Document to transform
+      # - +params+ is an array of strings used as XSLT parameters, passed into #transform
+      #
+      # [Returns]
+      #   A string containing the serialized result of the transformation.
+      #
+      # See Nokogiri::XSLT::Stylesheet#transform for more information and examples.
       def apply_to(document, params = [])
         serialize(transform(document, params))
       end

data/patches/libxml2/0012-parser-Fix-crash-in-xmlParseInNodeContext-with-HTML.patch

@@ -0,0 +1,33 @@
+From 95f2a17440568694a6df6a326c5b411e77597be2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 30 Jan 2024 13:25:17 +0100
+Subject: [PATCH] parser: Fix crash in xmlParseInNodeContext with HTML
+ documents
+
+Ignore namespaces if we have an HTML document with namespaces added
+manually.
+
+Fixes #672.
+---
+ parser.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 1038d71b..f7842ed1 100644
+--- a/parser.c
++++ b/parser.c
+@@ -12415,8 +12415,10 @@ xmlParseInNodeContext(xmlNodePtr node, const char *data, int datalen,
+     }
+     xmlAddChild(node, fake);
+ 
+-    if (node->type == XML_ELEMENT_NODE) {
++    if (node->type == XML_ELEMENT_NODE)
+ 	nodePush(ctxt, node);
++
++    if ((ctxt->html == 0) && (node->type == XML_ELEMENT_NODE)) {
+ 	/*
+ 	 * initialize the SAX2 namespaces stack
+ 	 */
+-- 
+2.42.0
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.16.0.rc1
+  version: 1.16.1
 platform: ruby
 authors:
 - Mike Dalessio
@@ -20,7 +20,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-12-13 00:00:00.000000000 Z
+date: 2024-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mini_portile2
@@ -271,8 +271,9 @@ files:
 - patches/libxml2/0009-allow-wildcard-namespaces.patch
 - patches/libxml2/0010-update-config.guess-and-config.sub-for-libxml2.patch
 - patches/libxml2/0011-rip-out-libxml2-s-libc_single_threaded-support.patch
+- patches/libxml2/0012-parser-Fix-crash-in-xmlParseInNodeContext-with-HTML.patch
 - patches/libxslt/0001-update-config.guess-and-config.sub-for-libxslt.patch
-- ports/archives/libxml2-2.12.3.tar.xz
+- ports/archives/libxml2-2.12.4.tar.xz
 - ports/archives/libxslt-1.1.39.tar.xz
 homepage: https://nokogiri.org
 licenses:
@@ -297,9 +298,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubygems_version: 3.4.19
 signing_key: