release planning: v1.17.0

Question

release planning: v1.17.0

flavorjones opened this issue 7 months ago · comments

See milestone https://github.com/sparklemotion/nokogiri/milestone/31
punchlist
- acknowledge sponsors
  - existing recurring sponsors
  - new sponsors:
    - @velocity-labs via https://opencollective.com/velocity-labs
    - @captn3m0 via https://opencollective.com/nemo
    - @fnando
    - @mrhenry
    - @kwbauson
    - @niccokunzmann
    - @nandangpk
    - @zokioki
    - @orien
    - anonymous/private donor

skurni · Answer 1 · Wed Apr 03 2024 13:21:01 GMT+0800 (China Standard Time)

Hi @flavorjones / team, zlib has released version 1.3.1 which contains a fix for CVE-2023-45853. See madler/zlib#868. Is it possible to update the same in nokogiri? I see that it is pointing to 1.3 in dependencies.yml.

Mike Dalessio · Answer 2 · Wed Apr 03 2024 20:51:52 GMT+0800 (China Standard Time)

@skurni Thanks for asking. Can you please open a new issue for this? If it's a security issue then we shouldn't wait for the next minor. But I also don't know much about this issue or the release, so I'm not sure if it's a security issue. So let's have that conversation in a new issue, thanks!

skurni · Answer 3 · Wed Apr 10 2024 18:51:39 GMT+0800 (China Standard Time)

Thanks @flavorjones, I've opened an issue here: #3172