nokogiri 1.16.0 → 1.16.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32e35ebb760d0c42b28ca4c33b0e2a5ce31f2ddc958e99e2d4b0db36d0ef0447
-  data.tar.gz: 89af37b43be9f5e371ee29e1ed632ddda89a540e101da0d8b2e5f718c3cab522
+  metadata.gz: da609d95e9ec1de75acd8ff2b8ef217b23df9431a17c5d37d8968f90bcbd6f5b
+  data.tar.gz: a9573dc8e6cbd63f97104651f38c9bfa06549eab4d77c602dedba2094adc320f
 SHA512:
-  metadata.gz: f09c5b0b8567122114285a73abcf69cea3763381c56b4d5296f238b241caa8a41ffe8bf75aaecd0545582eb4c0c8526b6df44291a40db184ed0669edaae890a0
-  data.tar.gz: 37cd5f0c2f1473a075f2de4a6e0f1823ba91b747b3c6afec48086d23e1630134e4f28882b94ab5c0476c6406c42f462ff5fc93427c68afc3b53a398b6048fe74
+  metadata.gz: ceb8cb32c790d4f3b9162bc86169373c8b7084e15e7ca9991712aed69f495e8a9e58480e94536fae3072d4b0bb9ee5e553367bb41e896087e24073e667650969
+  data.tar.gz: '094a214ed1c7a5462a6ae2fbc73b0247496e1dd0dcc9542fd5db5cee87a5916776f1f1adb3c04af858fd8d7722cc19473dbde560f483ab3a0efcd9c881fe96ff'

data/Gemfile

@@ -5,19 +5,25 @@ source "https://rubygems.org"
 gemspec
 
 group :development do
+  # ruby 3.4.0-dev removed some gems from the default set
+  #
+  # TODO: we should be able to remove these as our gem dependencies sort it out and we pull them in
+  # transitively.
+  gem "mutex_m"
+
   # bootstrapping
   gem "bundler", "~> 2.3"
   gem "rake", "13.1.0"
 
   # building extensions
-  gem "rake-compiler", "1.2.5"
+  gem "rake-compiler", "1.2.6"
   gem "rake-compiler-dock", "1.4.0"
 
   # parser generator
   gem "rexical", "= 1.0.7"
 
   # tests
-  gem "minitest", "5.20.0"
+  gem "minitest", "5.21.2"
   gem "minitest-parallel_fork", "2.0.0"
   gem "ruby_memcheck", "2.3.0"
   gem "rubyzip", "~> 2.3.2"
@@ -25,10 +31,10 @@ group :development do
 
   # rubocop
   if Gem::Requirement.new("~> 3.0").satisfied_by?(Gem::Version.new(RUBY_VERSION))
-    gem "rubocop", "1.59.0"
-    gem "rubocop-minitest", "0.34.2"
+    gem "rubocop", "1.60.2"
+    gem "rubocop-minitest", "0.34.5"
     gem "rubocop-packaging", "0.5.2"
-    gem "rubocop-performance", "1.20.1"
+    gem "rubocop-performance", "1.20.2"
     gem "rubocop-rake", "= 0.6.0"
     gem "rubocop-shopify", "2.14.0"
   end

data/dependencies.yml

@@ -1,8 +1,8 @@
 
 libxml2:
-  version: "2.12.3"
-  sha256: "8c8f1092340a89ff32bc44ad5c9693aff9bc8a7a3e161bb239666e5d15ac9aaa"
-  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.3.sha256sum
+  version: "2.12.4"
+  sha256: "497360e423cf0bd99eacdb7c6215dea92e6d6e89ee940393c2bae0e77cb9b7d0"
+  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.4.sha256sum
 
 libxslt:
   version: "1.1.39"

data/ext/nokogiri/xml_document.c

@@ -74,8 +74,10 @@ dealloc(void *data)
 
   ruby_xfree(doc->_private);
 
+#if defined(__GNUC__) && __GNUC__ >= 5
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations" // xmlDeregisterNodeDefault is deprecated as of libxml2 2.11.0
+#endif
   /*
    * libxml-ruby < 3.0.0 uses xmlDeregisterNodeDefault. If the user is using one of those older
    * versions, the registered callback from libxml-ruby will access the _private pointers set by
@@ -90,7 +92,9 @@ dealloc(void *data)
   if (xmlDeregisterNodeDefaultValue) {
     remove_private((xmlNodePtr)doc);
   }
+#if defined(__GNUC__) && __GNUC__ >= 5
 #pragma GCC diagnostic pop
+#endif
 
   xmlFreeDoc(doc);
 }

data/ext/nokogiri/xml_reader.c

@@ -5,8 +5,14 @@ VALUE cNokogiriXmlReader;
 static void
 xml_reader_deallocate(void *data)
 {
+  // free the document separately because we _may_ have triggered preservation by calling
+  // xmlTextReaderCurrentDoc during a read_more.
   xmlTextReaderPtr reader = data;
+  xmlDocPtr doc = xmlTextReaderCurrentDoc(reader);
   xmlFreeTextReader(reader);
+  if (doc) {
+    xmlFreeDoc(doc);
+  }
 }
 
 static const rb_data_type_t xml_reader_type = {
@@ -515,6 +521,7 @@ read_more(VALUE self)
   xmlErrorConstPtr error;
   VALUE error_list;
   int ret;
+  xmlDocPtr c_document;
 
   TypedData_Get_Struct(self, xmlTextReader, &xml_reader_type, reader);
 
@@ -524,6 +531,16 @@ read_more(VALUE self)
   ret = xmlTextReaderRead(reader);
   xmlSetStructuredErrorFunc(NULL, NULL);
 
+  c_document = xmlTextReaderCurrentDoc(reader);
+  if (c_document && c_document->encoding == NULL) {
+    VALUE constructor_encoding = rb_iv_get(self, "@encoding");
+    if (RTEST(constructor_encoding)) {
+      c_document->encoding = xmlStrdup(BAD_CAST StringValueCStr(constructor_encoding));
+    } else {
+      c_document->encoding = xmlStrdup(BAD_CAST "UTF-8");
+    }
+  }
+
   if (ret == 1) { return self; }
   if (ret == 0) { return Qnil; }
 
@@ -707,15 +724,18 @@ rb_xml_reader_encoding(VALUE rb_reader)
   const char *parser_encoding;
   VALUE constructor_encoding;
 
+  TypedData_Get_Struct(rb_reader, xmlTextReader, &xml_reader_type, c_reader);
+  parser_encoding = (const char *)xmlTextReaderConstEncoding(c_reader);
+  if (parser_encoding) {
+    return NOKOGIRI_STR_NEW2(parser_encoding);
+  }
+
   constructor_encoding = rb_iv_get(rb_reader, "@encoding");
   if (RTEST(constructor_encoding)) {
     return constructor_encoding;
   }
 
-  TypedData_Get_Struct(rb_reader, xmlTextReader, &xml_reader_type, c_reader);
-  parser_encoding = (const char *)xmlTextReaderConstEncoding(c_reader);
-  if (parser_encoding == NULL) { return Qnil; }
-  return NOKOGIRI_STR_NEW2(parser_encoding);
+  return Qnil;
 }
 
 void

data/ext/nokogiri/xslt_stylesheet.c

@@ -71,7 +71,12 @@ Nokogiri_wrap_xslt_stylesheet(xsltStylesheetPtr ss)
  * call-seq:
  *   parse_stylesheet_doc(document)
  *
- * Parse a stylesheet from +document+.
+ * Parse an XSLT::Stylesheet from +document+.
+ *
+ * [Parameters]
+ * - +document+ (Nokogiri::XML::Document) the document to be parsed.
+ *
+ * [Returns] Nokogiri::XSLT::Stylesheet
  */
 static VALUE
 parse_stylesheet_doc(VALUE klass, VALUE xmldocobj)
@@ -104,7 +109,7 @@ parse_stylesheet_doc(VALUE klass, VALUE xmldocobj)
  * call-seq:
  *   serialize(document)
  *
- * Serialize +document+ to an xml string.
+ * Serialize +document+ to an xml string, as specified by the +method+ parameter in the Stylesheet.
  */
 static VALUE
 rb_xslt_stylesheet_serialize(VALUE self, VALUE xmlobj)
@@ -133,7 +138,7 @@ rb_xslt_stylesheet_serialize(VALUE self, VALUE xmlobj)
  *   transform(document)
  *   transform(document, params = {})
  *
- * Apply an XSLT stylesheet to an XML::Document.
+ * Transform an XML::Document as defined by an XSLT::Stylesheet.
  *
  * [Parameters]
  * - +document+ (Nokogiri::XML::Document) the document to be transformed.

data/gumbo-parser/Makefile

@@ -13,6 +13,9 @@ LDFLAGS := -pthread
 
 all: check
 
+oss-fuzz:
+	./fuzzer/build-ossfuzz.sh
+
 fuzzers: fuzzer-normal fuzzer-asan fuzzer-ubsan fuzzer-msan
 
 fuzzer-normal:

data/gumbo-parser/src/parser.c

@@ -4826,14 +4826,17 @@ GumboOutput* gumbo_parse_with_options (
       // to a token.
       if (token.type == GUMBO_TOKEN_END_TAG &&
           token.v.end_tag.tag == GUMBO_TAG_UNKNOWN)
+      {
         gumbo_free(token.v.end_tag.name);
+        token.v.end_tag.name = NULL;
+      }
+      if (unlikely(state->_open_elements.length > max_tree_depth)) {
+        parser._output->status = GUMBO_STATUS_TREE_TOO_DEEP;
+        gumbo_debug("Tree depth limit exceeded.\n");
+        break;
+      }
     }
 
-    if (unlikely(state->_open_elements.length > max_tree_depth)) {
-      parser._output->status = GUMBO_STATUS_TREE_TOO_DEEP;
-      gumbo_debug("Tree depth limit exceeded.\n");
-      break;
-    }
 
     ++loop_count;
     assert(loop_count < 1000000000UL);

data/lib/nokogiri/version/constant.rb

@@ -2,5 +2,5 @@
 
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = "1.16.0"
+  VERSION = "1.16.1"
 end

data/lib/nokogiri/xml/reader.rb

@@ -3,9 +3,11 @@
 module Nokogiri
   module XML
     ###
-    # Nokogiri::XML::Reader parses an XML document similar to the way a cursor
-    # would move.  The Reader is given an XML document, and yields nodes
-    # to an each block.
+    # Nokogiri::XML::Reader parses an XML document similar to the way a cursor would move. The
+    # Reader is given an XML document, and yields nodes to an each block.
+    #
+    # The Reader parser might be good for when you need the speed and low memory usage of the SAX
+    # parser, but do not want to write a Document handler.
     #
     # Here is an example of usage:
     #
@@ -22,13 +24,12 @@ module Nokogiri
     #
     #     end
     #
-    # Note that Nokogiri::XML::Reader#each can only be called once!!  Once
-    # the cursor moves through the entire document, you must parse the
-    # document again.  So make sure that you capture any information you
-    # need during the first iteration.
+    # ⚠ Nokogiri::XML::Reader#each can only be called once! Once the cursor moves through the entire
+    # document, you must parse the document again. It may be better to capture all information you
+    # need during a single iteration.
     #
-    # The Reader parser is good for when you need the speed of a SAX parser,
-    # but do not want to write a Document handler.
+    # ⚠ libxml2 does not support error recovery in the Reader parser. The `RECOVER` ParseOption is
+    # ignored. If a syntax error is encountered during parsing, an exception will be raised.
     class Reader
       include Enumerable
 

data/lib/nokogiri/xslt/stylesheet.rb

@@ -10,15 +10,37 @@ module Nokogiri
     #   doc   = Nokogiri::XML(File.read('some_file.xml'))
     #   xslt  = Nokogiri::XSLT(File.read('some_transformer.xslt'))
     #
-    #   puts xslt.transform(doc)
+    #   xslt.transform(doc) # => Nokogiri::XML::Document
     #
-    # See Nokogiri::XSLT::Stylesheet#transform for more transformation
-    # information.
+    # Many XSLT transformations include serialization behavior to emit a non-XML document. For these
+    # cases, please take care to invoke the #serialize method on the result of the transformation:
+    #
+    #   doc   = Nokogiri::XML(File.read('some_file.xml'))
+    #   xslt  = Nokogiri::XSLT(File.read('some_transformer.xslt'))
+    #   xslt.serialize(xslt.transform(doc)) # => String
+    #
+    # or use the #apply_to method, which is a shortcut for `serialize(transform(document))`:
+    #
+    #   doc   = Nokogiri::XML(File.read('some_file.xml'))
+    #   xslt  = Nokogiri::XSLT(File.read('some_transformer.xslt'))
+    #   xslt.apply_to(doc) # => String
+    #
+    # See Nokogiri::XSLT::Stylesheet#transform for more information and examples.
     class Stylesheet
-      ###
-      # Apply an XSLT stylesheet to an XML::Document.
-      # +params+ is an array of strings used as XSLT parameters.
-      # returns serialized document
+      # :call-seq:
+      #   apply_to(document, params = []) -> String
+      #
+      # Apply an XSLT stylesheet to an XML::Document and serialize it properly. This method is
+      # equivalent to calling #serialize on the result of #transform.
+      #
+      # [Parameters]
+      # - +document+ is an instance of XML::Document to transform
+      # - +params+ is an array of strings used as XSLT parameters, passed into #transform
+      #
+      # [Returns]
+      #   A string containing the serialized result of the transformation.
+      #
+      # See Nokogiri::XSLT::Stylesheet#transform for more information and examples.
       def apply_to(document, params = [])
         serialize(transform(document, params))
       end

data/patches/libxml2/0012-parser-Fix-crash-in-xmlParseInNodeContext-with-HTML.patch

@@ -0,0 +1,33 @@
+From 95f2a17440568694a6df6a326c5b411e77597be2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 30 Jan 2024 13:25:17 +0100
+Subject: [PATCH] parser: Fix crash in xmlParseInNodeContext with HTML
+ documents
+
+Ignore namespaces if we have an HTML document with namespaces added
+manually.
+
+Fixes #672.
+---
+ parser.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 1038d71b..f7842ed1 100644
+--- a/parser.c
++++ b/parser.c
+@@ -12415,8 +12415,10 @@ xmlParseInNodeContext(xmlNodePtr node, const char *data, int datalen,
+     }
+     xmlAddChild(node, fake);
+ 
+-    if (node->type == XML_ELEMENT_NODE) {
++    if (node->type == XML_ELEMENT_NODE)
+ 	nodePush(ctxt, node);
++
++    if ((ctxt->html == 0) && (node->type == XML_ELEMENT_NODE)) {
+ 	/*
+ 	 * initialize the SAX2 namespaces stack
+ 	 */
+-- 
+2.42.0
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.16.0
+  version: 1.16.1
 platform: ruby
 authors:
 - Mike Dalessio
@@ -20,7 +20,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-12-27 00:00:00.000000000 Z
+date: 2024-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mini_portile2
@@ -271,8 +271,9 @@ files:
 - patches/libxml2/0009-allow-wildcard-namespaces.patch
 - patches/libxml2/0010-update-config.guess-and-config.sub-for-libxml2.patch
 - patches/libxml2/0011-rip-out-libxml2-s-libc_single_threaded-support.patch
+- patches/libxml2/0012-parser-Fix-crash-in-xmlParseInNodeContext-with-HTML.patch
 - patches/libxslt/0001-update-config.guess-and-config.sub-for-libxslt.patch
-- ports/archives/libxml2-2.12.3.tar.xz
+- ports/archives/libxml2-2.12.4.tar.xz
 - ports/archives/libxslt-1.1.39.tar.xz
 homepage: https://nokogiri.org
 licenses: