Bump nokogiri to 1.13.6
What does this MR do and why?
This MR bumps the nokogiri dependency from 1.13.3 to 1.13.6.
This new version of nokogiri upgrades the libxml2 HTML parser to v2.9.14, which modifies the way invalid tags are handled. Instead of skipping, it results in HTML text nodes starting with <!
The tests are also updated to reflect this new behaviour.
From the nokogiri changelog:
The libxml2 HTML parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with <! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.
Full changelog https://my.diffend.io/gems/nokogiri/1.13.3/1.13.6
Relates to !89756 (closed) raised by Renovate Bot.
How to set up and validate locally
To validate all HTML markup text has been converted correctly, we can run the following specs:
bundle exec spring rspec spec/requests/api/markdown_snapshot_spec.rb -fd
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.