dep: bump libxml to v2.11.7

Addresses CVE-2024-25062 See related GHSA-xc9x-jj77-9p9j
sparklemotion · Mar 15, 2024 · 83a2571 · 83a2571
1 parent 5745d4b
commit 83a2571
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,19 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA
 
 ---
 
+## 1.15.next / unreleased
+
+### Security
+
+* [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See [GHSA-xc9x-jj77-9p9j](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j) for more information.
+
+
+### Dependencies
+
+* [CRuby] Vendored libxml2 is updated to v2.11.7 from v2.11.6. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.7
+
+
+
 ## 1.15.5 / 2023-11-17
 
 ### Dependencies

diff --git a/dependencies.yml b/dependencies.yml
@@ -1,8 +1,7 @@
-
 libxml2:
-  version: "2.11.6"
-  sha256: "c90eee7506764abbe07bb616b82da452529609815aefef423d66ef080eb0c300"
-  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.11/libxml2-2.11.6.sha256sum
+  version: "2.11.7"
+  sha256: "fb27720e25eaf457f94fd3d7189bcf2626c6dccf4201553bc8874d50e3560162"
+  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.11/libxml2-2.11.7.sha256sum
 
 libxslt:
   version: "1.1.39"