
Bump nokogiri to 1.13.6

Tan Le requested to merge tle-bump-nokogiri-1.13.6 into master

What does this MR do and why?

This MR bumps the nokogiri dependency from 1.13.3 to 1.13.6.

This new version of nokogiri upgrades the libxml2 HTML parser to v2.9.14, which modifies the way invalid tags are handled. Instead of skipping, it results in HTML text nodes starting with <!. The tests are also updated to reflect this new behaviour.

From the nokogiri changelog:

The libxml2 HTML parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with &lt;! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.

Full changelog https://my.diffend.io/gems/nokogiri/1.13.3/1.13.6

Relates to !89756 (closed) raised by Renovate Bot.

How to set up and validate locally

To validate all HTML markup text has been converted correctly, we can run the following specs:

bundle exec spring rspec spec/requests/api/markdown_snapshot_spec.rb -fd

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Tan Le
