diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9232fe0ef8..f0f1c6fa134 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,18 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA

 ---

+## next
+
+### Security
+
+* [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See [GHSA-r95h-9x8f-r3f7](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7) for more information.
+
+
+### Dependencies
+
+* [CRuby] Vendored libxml2 is updated to [v2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from v2.12.6. (@flavorjones)
+
+
 ## v1.16.4 / 2024-04-10

 ### Dependencies
diff --git a/dependencies.yml b/dependencies.yml
index a02f11cd12e..33ba95930c0 100644
--- a/dependencies.yml
+++ b/dependencies.yml
@@ -1,8 +1,8 @@
 ---
 libxml2:
- version: "2.12.6"
- sha256: "889c593a881a3db5fdd96cc9318c87df34eb648edfc458272ad46fd607353fbb"
- # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.6.sha256sum
+ version: "2.12.7"
+ sha256: "24ae78ff1363a973e6d8beba941a7945da2ac056e19b53956aeb6927fd6cfb56"
+ # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.7.sha256sum

 libxslt:
 version: "1.1.39"