profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/JeremyRubin/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

JeremyRubin/BTCSpark 33

A toolkit for using apache spark to efficiently query Bitcoin Blockchain data.

JeremyRubin/Graffiti-codes 7

Graffiti Codes is a project out of the MIT Media lab for the creation of QR-like gesture codes. It is a work in progress!

JeremyRubin/judge 7

An algorithm/Library for reducing multiple judge scores into meaningful rankings for hackathons or contests.

JeremyRubin/CTVSims 5

Simulations showing CTV is kickass

JeremyRubin/bitcoin 4

Bitcoin Core integration/staging tree

JeremyRubin/BatteryBalance 2

A script to battery pack organization based on IR values.

JeremyRubin/bips 2

Bitcoin Improvement Proposals

JeremyRubin/dragonchain 2

Dragonchain blockchain platform - simplified integration of advanced blockchain features

Pull request review commentbitcoin/bitcoin

build: Avoid fcntl64@GLIBC_2.28 symbol when --enable-glibc-back-compat

 #include <config/bitcoin-config.h> #endif +#include <cstdarg> #include <cstddef> #include <cstdint>+#include <cstdio>+#include <cstdlib>++#include <fcntl.h>++// See https://stackoverflow.com/a/58472959+#ifdef __i386__+__asm(".symver fcntl64,fcntl@GLIBC_2.1");+#elif defined(__amd64__)+__asm(".symver fcntl64,fcntl@GLIBC_2.2.5");+#elif defined(__arm__)+__asm(".symver fcntl64,fcntl@GLIBC_2.4");+#elif defined(__aarch64__)+__asm(".symver fcntl64,fcntl@GLIBC_2.17");+#elif defined(__powerpc64__)+#  ifdef WORDS_BIGENDIAN+__asm(".symver fcntl64,fcntl@GLIBC_2.3");+#  else+__asm(".symver fcntl64,fcntl@GLIBC_2.17");+#  endif+#elif defined(__riscv)+__asm(".symver fcntl64,fcntl@GLIBC_2.27");+#endif+extern "C" int __wrap_fcntl64(int fd, int cmd, ...)+{+    int result;+    va_list va;+    va_start(va, cmd);++    switch (cmd) {+    //+    // File descriptor flags+    //+    case F_GETFD: goto takes_void;+    case F_SETFD: goto takes_int;++    // File status flags+    //+    case F_GETFL: goto takes_void;+    case F_SETFL: goto takes_int;++    // File byte range locking, not held across fork() or clone()+    //+    case F_SETLK: goto takes_flock_ptr_INCOMPATIBLE;+    case F_SETLKW: goto takes_flock_ptr_INCOMPATIBLE;+    case F_GETLK: goto takes_flock_ptr_INCOMPATIBLE;++    // File byte range locking, held across fork()/clone() -- Not POSIX+    //+    case F_OFD_SETLK: goto takes_flock_ptr_INCOMPATIBLE;+    case F_OFD_SETLKW: goto takes_flock_ptr_INCOMPATIBLE;+    case F_OFD_GETLK: goto takes_flock_ptr_INCOMPATIBLE;++    // Managing I/O availability signals+    //+    case F_GETOWN: goto takes_void;+    case F_SETOWN: goto takes_int;+    case F_GETOWN_EX: goto takes_f_owner_ex_ptr;+    case F_SETOWN_EX: goto takes_f_owner_ex_ptr;+    case F_GETSIG: goto takes_void;+    case F_SETSIG: goto takes_int;++    // Notified when process tries to open or truncate file (Linux 2.4+)+    //+    case F_SETLEASE: goto takes_int;+    case F_GETLEASE: goto takes_void;++    // File and directory change notification+    //+    case F_NOTIFY: goto takes_int;++    // Changing pipe capacity (Linux 2.6.35+)+    //+    case F_SETPIPE_SZ: goto takes_int;+    case F_GETPIPE_SZ: goto takes_void;++    // File sealing (Linux 3.17+)+    //+    case F_ADD_SEALS: goto takes_int;+    case F_GET_SEALS: goto takes_void;++    // File read/write hints (Linux 4.13+)+    //+    case F_GET_RW_HINT: goto takes_uint64_t_ptr;+    case F_SET_RW_HINT: goto takes_uint64_t_ptr;+    case F_GET_FILE_RW_HINT: goto takes_uint64_t_ptr;+    case F_SET_FILE_RW_HINT: goto takes_uint64_t_ptr;++    default:+        fprintf(stderr, "fcntl64 workaround got unknown F_XXX constant");

Don't remove the exit here. This is sort of an assert; if you continue it'll invoke fcntl with who knows what behavior.

hebasto

comment created time in 4 minutes

issue openedtauri-apps/tauri

This version of %1 is not compatible with the version of Windows you're running.

Describe the bug I get the following cryptic error message: Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher. (os error 216).

I assume it's webview2, but I can't be sure? I didn't know how to fill out the other parts, however, I am quite stuck at this stage. I reinstalled webview2, both the x86 and the x64 versions, rebooted, but get the same error message.

Platform and Versions (please complete the following information): Operating System - Windows, version 6.1.7601 X64 Webview2 - 91.0.864.54

Node.js environment Node.js - 12.19.0 @tauri-apps/cli - 1.0.0-beta.1 (outdated, latest: 1.0.0-beta.2) @tauri-apps/api - 1.0.0-beta.1

Global packages npm - 6.14.8 yarn - Not installed

Rust environment rustc - 1.52.1 cargo - 1.52.0

App directory structure /dist /node_modules /src-tauri

App tauri.rs - 1.0.0-beta.1 build-type - bundle CSP - default-src blob: data: filesystem: ws: http: https: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self' distDir - ../dist devPath - ../dist

created time in 8 minutes

pull request commentbitcoin/bitcoin

build: Avoid fcntl64@GLIBC_2.28 symbol when --enable-glibc-back-compat

Perhaps you want to make it print the value of cmd, so we can figure out which F_ constants are used but not handled by the wrapper. The partial approach is pretty uncomfortable though.

hebasto

comment created time in 10 minutes

pull request commentbitcoin/bitcoin

build: Replace $(AT) with .SILENCE.

<!--e57a25ab6845829454e8d69fc972939a-->

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

<!--174a7506f384e20aa4161008e828411d-->

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #22237 (build: Avoid remaking makefiles. by dgoncharov)
  • #22234 (build: Mark print-% target as phony. by dgoncharov)
  • #22126 (build: Disable make builtin rules. by dgoncharov)
  • #21995 (build: Make built dependency packages reproducible by hebasto)
  • #19952 (build, ci: Add file-based logging for individual packages by hebasto)
  • #19882 (depends: Export variables from make to environment explicitly by hebasto)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

dgoncharov

comment created time in 16 minutes

issue commentbitcoin/bitcoin

gitian: GLIBC_2.29 not found error at bitcoind startup on bionic

bitcoind compatibility fixed in #22281 and #22287.

@willyko Do you mind testing suggested fixes?

willyko

comment created time in 31 minutes

PR opened bitcoin/bitcoin

build: Avoid fcntl64@GLIBC_2.28 symbol when --enable-glibc-back-compat Build system

This PR is a partial fix for #21454 (see #22281 for complete fix).

Gitian builds:

Generating report
d2369c6277eedc71f95c7f97ec62e105f5c1dea946d6441d7e65da7e2a484247  bitcoin-2ff4bdd24e14-aarch64-linux-gnu-debug.tar.gz
3c7e9bcbd6770dc178723dd619b8adac45f0d41f82069f0be0aa35bad8c02e00  bitcoin-2ff4bdd24e14-aarch64-linux-gnu.tar.gz
4e355aaccea53031881fa8bbc68b594d7f86609579ffbcb92f36437a33051657  bitcoin-2ff4bdd24e14-arm-linux-gnueabihf-debug.tar.gz
fa16fd5e416cb13f250048a38d9372f01b80533fc3345379e545ff67894b69be  bitcoin-2ff4bdd24e14-arm-linux-gnueabihf.tar.gz
30e3fedebbcac581b4789f63402300b25eeb0f633c1369f1e2f83b2f6d9cbd56  bitcoin-2ff4bdd24e14-powerpc64-linux-gnu-debug.tar.gz
8e5d8c12e479170ec0d9cce76fe2f48c8bdcd48b67509857d2df31f90e5fe6ab  bitcoin-2ff4bdd24e14-powerpc64-linux-gnu.tar.gz
3813383901824aac151962ae14617b755644d70e3ba93bdb4b4f1104931971ae  bitcoin-2ff4bdd24e14-powerpc64le-linux-gnu-debug.tar.gz
4162827c0fd4171ba58bbd7cbb41974c9c41272d1da1c07267e186acccf8e24f  bitcoin-2ff4bdd24e14-powerpc64le-linux-gnu.tar.gz
f7c2dd80f8ee32a71a340fea6dc4e6469b3ce5031ed6456f4d7963ca927443ad  bitcoin-2ff4bdd24e14-riscv64-linux-gnu-debug.tar.gz
c77d351447400f489dd5e044815ce1e8da0ec0001411f4584beda706a4478053  bitcoin-2ff4bdd24e14-riscv64-linux-gnu.tar.gz
521547b5bf908c98294673e7b7ba2fab52bce29993e4c30927a1dc9bfc6eed66  bitcoin-2ff4bdd24e14-x86_64-linux-gnu-debug.tar.gz
97f06d8b7a06d5a4d52c3099fafbf2906dc15aee84aa43f3b6c9a895bb2f4235  bitcoin-2ff4bdd24e14-x86_64-linux-gnu.tar.gz
7576d65d794fe486a3845b31fcdd7738c37d8ae33b7bd347d5cb9c5c885080ea  src/bitcoin-2ff4bdd24e14.tar.gz
7d23e47fcbd68fd09c692f474ec430846a98fc4b6d010450352cbbf3577c5597  bitcoin-core-linux-22-res.yml
Done.
+126 -1

0 comment

3 changed files

pr created time in 34 minutes

pull request commentbitcoin/bitcoin

build: Replace $(AT) with .SILENCE.

On master, for debugging purpose one could easy enable echoing for particular lines in a recipe by removing $(AT).

How to achieve the same goal with this PR?

dgoncharov

comment created time in an hour

pull request commentbitcoin/bitcoin

build: Replace $(AT) with .SILENCE.

s/.SILENCE/.SILENT/ in the PR name?

dgoncharov

comment created time in an hour

Pull request review commentbitcoin/bitcoin

Add feerate histogram to getmempoolinfo

 void RPCNotifyBlockChange(const CBlockIndex*); /** Block description to JSON */ UniValue blockToJSON(const CBlock& block, const CBlockIndex* tip, const CBlockIndex* blockindex, bool txDetails = false) LOCKS_EXCLUDED(cs_main); +typedef std::vector<CAmount> MempoolHistogramFeeRates;+ /** Mempool information to JSON */-UniValue MempoolInfoToJSON(const CTxMemPool& pool);+UniValue MempoolInfoToJSON(const CTxMemPool& pool, const std::optional<MempoolHistogramFeeRates> feeLimits);

Need to #include <optional> in this header

kiminuo

comment created time in 3 hours

pull request commentbitcoin/bitcoin

Add feerate histogram to getmempoolinfo

Note: This PR drops the REST support

kiminuo

comment created time in 3 hours

Pull request review commentbitcoin/bitcoin

Add feerate histogram to getmempoolinfo

 UniValue MempoolInfoToJSON(const CTxMemPool& pool)     ret.pushKV("mempoolminfee", ValueFromAmount(std::max(pool.GetMinFee(maxmempool), ::minRelayTxFee).GetFeePerK()));     ret.pushKV("minrelaytxfee", ValueFromAmount(::minRelayTxFee.GetFeePerK()));     ret.pushKV("unbroadcastcount", uint64_t{pool.GetUnbroadcastTxs().size()});++    if (feeLimits) {+        const MempoolHistogramFeeRates& limits{feeLimits.value()};++        /* Keep histogram per...+         * ... cumulated tx sizes+         * ... txns (count)+         * ... cumulated fees */+        std::vector<uint64_t> sizes(limits.size(), 0);+        std::vector<uint64_t> count(limits.size(), 0);+        std::vector<CAmount> fees(limits.size(), 0);++        for (const CTxMemPoolEntry& e : pool.mapTx) {+            const CAmount fee{e.GetFee()}, afees{e.GetModFeesWithAncestors()}, dfees{e.GetModFeesWithDescendants()};+            const uint32_t size{(uint32_t)e.GetTxSize()}, asize{(uint32_t)e.GetSizeWithAncestors()}, dsize{(uint32_t)e.GetSizeWithDescendants()};++            const CAmount fpb{CFeeRate{fee, size}.GetFee(1)};     // Fee rate per byte+            const CAmount afpb{CFeeRate{afees, asize}.GetFee(1)}; // Fee rate per byte including ancestors+            const CAmount dfpb{CFeeRate{dfees, dsize}.GetFee(1)}; // Fee rate per byte including descendants++            // Fee rate per byte including ancestors & descendants+            const CAmount tfpb{CFeeRate{afees + dfees - fee, asize + dsize - size}.GetFee(1)};+            const CAmount fee_rate_per_byte{std::max(std::min(dfpb, tfpb), std::min(fpb, afpb))};++            // Distribute fee rates into fee limits+            for (int i = limits.size() - 1; i >= 0; --i) {

Should probably check for overflow explicitly if you use int here.

Or something like:

            for (size_t i = limits.size(); i-- > 0; ) {
kiminuo

comment created time in a day

Pull request review commentbitcoin/bitcoin

Add feerate histogram to getmempoolinfo

+#!/usr/bin/env python3+# Copyright (c) 2021 The Bitcoin Core developers+# Distributed under the MIT software license, see the accompanying+# file COPYING or http://www.opensource.org/licenses/mit-license.php.+"""Test mempool fee histogram."""++from decimal import Decimal++from test_framework.test_framework import BitcoinTestFramework+from test_framework.util import (+    assert_equal,+    assert_greater_than,+    assert_greater_than_or_equal,+    assert_no_key,+)++class MempoolFeeHistogramTest(BitcoinTestFramework):+    def set_test_params(self):+        self.setup_clean_chain = True+        self.num_nodes = 1++    def skip_test_if_missing_module(self):+        self.skip_if_no_wallet()++    def run_test(self):+        node = self.nodes[0]+        node.generate(102)++        # We have two utxos and we do this:+        #+        # coinbase-tx-101 <- tx1 (5 sat/vB) <- tx2 (14 sat/vB) <----\+        # coinbase-tx-102 <--------------------------------------- tx3 (6 sat/vB)++        self.log.info("Test getmempoolinfo does not return fee histogram by default")+        assert_no_key('fee_histogram', node.getmempoolinfo())++        self.log.info("Test getmempoolinfo returns empty fee histogram when mempool is empty")+        info = node.getmempoolinfo([1, 2, 3])+        (non_empty_groups, empty_groups, total_fees) = self.histogram_stats(info['fee_histogram'])+        assert_equal(0, non_empty_groups)+        assert_equal(3, empty_groups)+        assert_equal(0, total_fees)++        self.log.info("Test that we have two spendable utxos and lock the second one")+        utxos = node.listunspent()+        assert_equal(2, len(utxos))+        node.lockunspent(False, [{"txid": utxos[1]["txid"], "vout": utxos[1]["vout"]}])++        self.log.info("Send tx1 transaction with 5 sat/vB fee rate")+        node.sendtoaddress(address=node.getnewaddress(), amount=Decimal("50.0"), fee_rate=5, subtractfeefromamount=True)++        self.log.info("Test fee rate histogram when mempool contains 1 transaction (tx1: 5 sat/vB)")+        info = node.getmempoolinfo([1, 3, 5, 10])+        (non_empty_groups, empty_groups, total_fees) = self.histogram_stats(info['fee_histogram'])+        assert_equal(1, non_empty_groups)+        assert_equal(3, empty_groups)+        assert_equal(1, info['fee_histogram']['fee_rate_groups']['5']['count'])+        assert_equal(total_fees, info['fee_histogram']['total_fees'])++        self.log.info("Send tx2 transaction with 14 sat/vB fee rate (spends tx1 utxo)")+        node.sendtoaddress(address=node.getnewaddress(), amount=Decimal("25.0"), fee_rate=14)++        self.log.info("Test fee rate histogram when mempool contains 2 transactions (tx1: 5 sat/vB, tx2: 14 sat/vB)")+        info = node.getmempoolinfo([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])++        # Both tx1 and tx2 are supposed to be reported in 8 sat/vB fee rate group+        (non_empty_groups, empty_groups, total_fees) = self.histogram_stats(info['fee_histogram'])+        assert_equal(1, non_empty_groups)+        assert_equal(14, empty_groups)+        assert_equal(2, info['fee_histogram']['fee_rate_groups']['8']['count'])+        assert_equal(total_fees, info['fee_histogram']['total_fees'])++        # Unlock the second UTXO which we locked+        node.lockunspent(True, [{"txid": utxos[1]["txid"], "vout": utxos[1]["vout"]}])++        self.log.info("Send tx3 transaction with 6 sat/vB fee rate (spends all available utxos)")+        node.sendtoaddress(address=node.getnewaddress(), amount=Decimal("99.9"), fee_rate=6)++        self.log.info("Test fee rate histogram when mempool contains 3 transactions (tx1: 5 sat/vB, tx2: 14 sat/vB, tx3: 6 sat/vB)")+        info = node.getmempoolinfo([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])++        # Verify that each of 6, 7 and 8 sat/vB fee rate groups contain one transaction+        (non_empty_groups, empty_groups, total_fees) = self.histogram_stats(info['fee_histogram'])+        assert_equal(3, non_empty_groups)+        assert_equal(12, empty_groups)+        assert_equal(1, info['fee_histogram']['fee_rate_groups']['6']['count'])+        assert_equal(1, info['fee_histogram']['fee_rate_groups']['7']['count'])+        assert_equal(1, info['fee_histogram']['fee_rate_groups']['8']['count'])+        assert_equal(total_fees, info['fee_histogram']['total_fees'])+++    def histogram_stats(self, histogram):+        total_fees = 0+        empty_count = 0+        non_empty_count = 0++        for key, bin in histogram['fee_rate_groups'].items():

Is bin reserved in Python?

kiminuo

comment created time in 3 hours

Pull request review commentbitcoin/bitcoin

Add feerate histogram to getmempoolinfo

 static const CRPCConvertParam vRPCConvertParams[] =     { "pruneblockchain", 0, "height" },     { "keypoolrefill", 0, "newsize" },     { "getrawmempool", 0, "verbose" },+    { "getmempoolinfo", 0, "fee_histogram" },

This shouldn't interrupt getrawmempool...

kiminuo

comment created time in 3 hours

Pull request review commentbitcoin/bitcoin

Add feerate histogram to getmempoolinfo

 UniValue MempoolInfoToJSON(const CTxMemPool& pool)     ret.pushKV("mempoolminfee", ValueFromAmount(std::max(pool.GetMinFee(maxmempool), ::minRelayTxFee).GetFeePerK()));     ret.pushKV("minrelaytxfee", ValueFromAmount(::minRelayTxFee.GetFeePerK()));     ret.pushKV("unbroadcastcount", uint64_t{pool.GetUnbroadcastTxs().size()});++    if (feeLimits) {+        const MempoolHistogramFeeRates& limits{feeLimits.value()};++        /* Keep histogram per...+         * ... cumulated tx sizes+         * ... txns (count)+         * ... cumulated fees */+        std::vector<uint64_t> sizes(limits.size(), 0);+        std::vector<uint64_t> count(limits.size(), 0);+        std::vector<CAmount> fees(limits.size(), 0);++        for (const CTxMemPoolEntry& e : pool.mapTx) {+            const CAmount fee{e.GetFee()}, afees{e.GetModFeesWithAncestors()}, dfees{e.GetModFeesWithDescendants()};+            const uint32_t size{(uint32_t)e.GetTxSize()}, asize{(uint32_t)e.GetSizeWithAncestors()}, dsize{(uint32_t)e.GetSizeWithDescendants()};

Why are you downgrading these to uint32_t?

kiminuo

comment created time in a day

issue closedtauri-apps/tauri

Frameless window and something like '-webkit-app-region:drag' for tauri

Is your feature request related to a problem? Please describe. When building frameless window I need a way to give user ability to move and resize the window. Electron has style option that you can add to html tag to make it behave like window title bar in a sense that user can grab this element and drag the whole app window. Like so:

<body style="-webkit-app-region: drag">
</body>

Describe the solution you'd like Ideally I would like the same behavior as electron has. Full description available https://www.electronjs.org/docs/api/frameless-window#draggable-region Or at least more control over title bar (make it slimmer or remove buttons)

Describe alternatives you've considered Using electron?)

Additional context Thanks for awesome project.

closed time in 3 hours

ilukinov

issue commenttauri-apps/tauri

Frameless window and something like '-webkit-app-region:drag' for tauri

I did not! Thank you very much, this will do the trick.

ilukinov

comment created time in 3 hours

pull request commentbitcoin/bitcoin

p2p, refactor: performance improvements to ProtectEvictionCandidatesByRatio()

<details><summary>With this 2-line test change</summary><p>

diff --git a/src/test/net_peer_eviction_tests.cpp b/src/test/net_peer_eviction_tests.cpp
index 4bfd487b86..f6ea4ba1af 100644
--- a/src/test/net_peer_eviction_tests.cpp
+++ b/src/test/net_peer_eviction_tests.cpp
@@ -85,6 +85,7 @@ BOOST_AUTO_TEST_CASE(peer_protection_test)
 {
     FastRandomContext random_context{true};
     int num_peers{12};
+    for (int i = 0; i < 500000; ++i) {
 
     // Expect half of the peers with greatest uptime (the lowest nTimeConnected)
     // to be protected from eviction.
@@ -456,6 +457,7 @@ BOOST_AUTO_TEST_CASE(peer_protection_test)
         /* protected_peer_ids */ {0, 1, 2, 3, 4, 5, 7, 8, 11, 12, 16, 17},
         /* unprotected_peer_ids */ {6, 9, 10, 13, 14, 15, 18, 19, 20, 21, 22, 23},
         random_context));
+    }
 }

</p></details>

$ time ./src/test/test_bitcoin -t net_peer_eviction_tests/peer_protection_test

Screenshot from 2021-06-19 23-16-38

Seeing roughly an 8% speedup, Clang 11 non-debug build on Debian testing, run times in seconds on this branch vs on master. So pretty much the same as the comment above.

jonatack

comment created time in 3 hours

issue commenttauri-apps/tauri

Can not render HTML5 drag & drop

@LambdaMan2K Write your Markdown this way:

```vue 
<component></component>
<script></script>```

you may need to add a line break before the last three backticks.

LambdaMan2K

comment created time in 3 hours

issue commenttauri-apps/tauri

Bug - On dev branch - ubuntu 20 - open / save file modal will freeze and crash app

Oh, great ! I'll try it from dev once the pr is merged, and report here

olup

comment created time in 3 hours

issue commenttauri-apps/tauri

Frameless window and something like '-webkit-app-region:drag' for tauri

Hi, have you checked out https://tauri.studio/en/docs/usage/guides/visual/window-customization#html ?

ilukinov

comment created time in 3 hours

issue openedtauri-apps/tauri

Frameless window and something like '-webkit-app-region:drag' for tauri

Is your feature request related to a problem? Please describe. When building frameless window I need a way to give user ability to move and resize the window. Electron has style option that you can add to html tag to make it behave like window title bar in a sense that user can grab this element and drag the whole app window. Like so:

<body style="-webkit-app-region: drag">
</body>

Describe the solution you'd like Ideally I would like the same behavior as electron has. Full description available https://www.electronjs.org/docs/api/frameless-window#draggable-region Or at least more control over title bar (make it slimmer or remove buttons)

Describe alternatives you've considered Using electron?)

Additional context Thanks for awesome project.

created time in 4 hours

startedvmenond/satoshipay

started time in 4 hours

startedixaxaar/awesome-engineering-management

started time in 4 hours

pull request commentbitcoin/bitcoin

test: refactor: use `FromHex` helper for msg serialization from hex, remove `ToHex` helper

Added another commit to introduce a tx_from_hex helper, as suggested by MarcoFalke (https://github.com/bitcoin/bitcoin/pull/22257#discussion_r654817481). Tempted to squash this with the first commit to minimize reviewing burden, OTOH both replacing code with an existing helper and introducing introducing a new one seems a bit much for a single commit. Opinions?

theStack

comment created time in 4 hours

Pull request review commentbitcoin/bitcoin

test: refactor: use `FromHex` helper for msg serialization from hex, remove `ToHex` helper

 def run_test(self):             inputs=[{"txid": txid_in_block, "vout": 0, "sequence": BIP125_SEQUENCE_NUMBER}],  # RBF is used later             outputs=[{node.getnewaddress(): Decimal('0.3') - fee}],         ))['hex']-        tx = CTransaction()-        tx.deserialize(BytesIO(hex_str_to_bytes(raw_tx_0)))+        tx = FromHex(CTransaction(), raw_tx_0)

Good idea, done.

theStack

comment created time in 4 hours

CommitCommentEvent

PR closed techx/hackmit-dayof

Bump nokogiri from 1.10.1 to 1.11.4 dependencies

Bumps nokogiri from 1.10.1 to 1.11.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.11.4 / 2021-05-14</h2> <h3>Security</h3> <p>[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:</p> <ul> <li><a href="https://security.archlinux.org/CVE-2019-20388">CVE-2019-20388</a></li> <li><a href="https://security.archlinux.org/CVE-2020-24977">CVE-2020-24977</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3517">CVE-2021-3517</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3518">CVE-2021-3518</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3537">CVE-2021-3537</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3541">CVE-2021-3541</a></li> </ul> <p>Note that two additional CVEs were addressed upstream but are not relevant to this release. <a href="https://security.archlinux.org/CVE-2021-3516">CVE-2021-3516</a> via <code>xmllint</code> is not present in Nokogiri, and <a href="https://security.archlinux.org/CVE-2020-7595">CVE-2020-7595</a> has been patched in Nokogiri since v1.10.8 (see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1992">#1992</a>).</p> <p>Please see <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64">nokogiri/GHSA-7rrm-v45f-jp64 </a> or <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2233">#2233</a> for a more complete analysis of these CVEs and patches.</p> <h3>Dependencies</h3> <ul> <li>[CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)</li> </ul> <h2>1.11.3 / 2021-04-07</h2> <h3>Fixed</h3> <ul> <li>[CRuby] Passing non-<code>Node</code> objects to <code>Document#root=</code> now raises an <code>ArgumentError</code> exception. Previously this likely segfaulted. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1900">#1900</a>]</li> <li>[JRuby] Passing non-<code>Node</code> objects to <code>Document#root=</code> now raises an <code>ArgumentError</code> exception. Previously this raised a <code>TypeError</code> exception.</li> <li>[CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)</li> </ul> <h2>1.11.2 / 2021-03-11</h2> <h3>Fixed</h3> <ul> <li>[CRuby] <code>NodeSet</code> may now safely contain <code>Node</code> objects from multiple documents. Previously the GC lifecycle of the parent <code>Document</code> objects could lead to nodes being GCed while still in scope. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1952#issuecomment-770856928">#1952</a>]</li> <li>[CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA elements. (See upstream <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/200">GNOME/libxml2#200</a> and <a href="https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/100">GNOME/libxml2!100</a>.) [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2132">#2132</a>].</li> <li>[CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and link against <code>nokogiri.so</code> by including <code>LDFLAGS</code> in <code>Nokogiri::VERSION_INFO</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2167">#2167</a>]</li> <li>[CRuby] <code>{XML,HTML}::Document.parse</code> now invokes <code>#initialize</code> exactly once. Previously <code>#initialize</code> was invoked twice on each object.</li> <li>[JRuby] <code>{XML,HTML}::Document.parse</code> now invokes <code>#initialize</code> exactly once. Previously <code>#initialize</code> was not called, which was a problem for subclassing such as done by <code>Loofah</code>.</li> </ul> <h3>Improved</h3> <ul> <li>Reduce the number of object allocations needed when parsing an HTML::DocumentFragment. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2087">#2087</a>] (Thanks, <a href="https://github.com/ashmaroli"><code>@​ashmaroli</code></a>!)</li> <li>[JRuby] Update the algorithm used to calculate <code>Node#line</code> to be wrong less-often. The underlying parser, Xerces, does not track line numbers, and so we've always used a hacky solution for this method. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1223">#1223</a>, <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2177">#2177</a>]</li> <li>Introduce <code>--enable-system-libraries</code> and <code>--disable-system-libraries</code> flags to <code>extconf.rb</code>. These flags provide the same functionality as <code>--use-system-libraries</code> and the <code>NOKOGIRI_USE_SYSTEM_LIBRARIES</code> environment variable, but are more idiomatic. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2193">#2193</a>] (Thanks, <a href="https://github.com/eregon"><code>@​eregon</code></a>!)</li> <li>[TruffleRuby] <code>--disable-static</code> is now the default on TruffleRuby when the packaged libraries are used. This is more flexible and compiles faster. (Note, though, that the default on TR is still to use system libraries.) [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2191#issuecomment-780724627">#2191</a>, <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2193">#2193</a>] (Thanks, <a href="https://github.com/eregon"><code>@​eregon</code></a>!)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.11.4 / 2021-05-14</h2> <h3>Security</h3> <p>[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:</p> <ul> <li><a href="https://security.archlinux.org/CVE-2019-20388">CVE-2019-20388</a></li> <li><a href="https://security.archlinux.org/CVE-2020-24977">CVE-2020-24977</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3517">CVE-2021-3517</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3518">CVE-2021-3518</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3537">CVE-2021-3537</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3541">CVE-2021-3541</a></li> </ul> <p>Note that two additional CVEs were addressed upstream but are not relevant to this release. <a href="https://security.archlinux.org/CVE-2021-3516">CVE-2021-3516</a> via <code>xmllint</code> is not present in Nokogiri, and <a href="https://security.archlinux.org/CVE-2020-7595">CVE-2020-7595</a> has been patched in Nokogiri since v1.10.8 (see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1992">#1992</a>).</p> <p>Please see <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64">nokogiri/GHSA-7rrm-v45f-jp64 </a> or <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2233">#2233</a> for a more complete analysis of these CVEs and patches.</p> <h3>Dependencies</h3> <ul> <li>[CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)</li> </ul> <h2>1.11.3 / 2021-04-07</h2> <h3>Fixed</h3> <ul> <li>[CRuby] Passing non-<code>Node</code> objects to <code>Document#root=</code> now raises an <code>ArgumentError</code> exception. Previously this likely segfaulted. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1900">#1900</a>]</li> <li>[JRuby] Passing non-<code>Node</code> objects to <code>Document#root=</code> now raises an <code>ArgumentError</code> exception. Previously this raised a <code>TypeError</code> exception.</li> <li>[CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)</li> </ul> <h2>1.11.2 / 2021-03-11</h2> <h3>Fixed</h3> <ul> <li>[CRuby] <code>NodeSet</code> may now safely contain <code>Node</code> objects from multiple documents. Previously the GC lifecycle of the parent <code>Document</code> objects could lead to nodes being GCed while still in scope. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1952#issuecomment-770856928">#1952</a>]</li> <li>[CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA elements. (See upstream <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/200">GNOME/libxml2#200</a> and <a href="https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/100">GNOME/libxml2!100</a>.) [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2132">#2132</a>].</li> <li>[CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and link against <code>nokogiri.so</code> by including <code>LDFLAGS</code> in <code>Nokogiri::VERSION_INFO</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2167">#2167</a>]</li> <li>[CRuby] <code>{XML,HTML}::Document.parse</code> now invokes <code>#initialize</code> exactly once. Previously <code>#initialize</code> was invoked twice on each object.</li> <li>[JRuby] <code>{XML,HTML}::Document.parse</code> now invokes <code>#initialize</code> exactly once. Previously <code>#initialize</code> was not called, which was a problem for subclassing such as done by <code>Loofah</code>.</li> </ul> <h3>Improved</h3> <ul> <li>Reduce the number of object allocations needed when parsing an <code>HTML::DocumentFragment</code>. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2087">#2087</a>] (Thanks, <a href="https://github.com/ashmaroli"><code>@​ashmaroli</code></a>!)</li> <li>[JRuby] Update the algorithm used to calculate <code>Node#line</code> to be wrong less-often. The underlying parser, Xerces, does not track line numbers, and so we've always used a hacky solution for this method. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1223">#1223</a>, <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2177">#2177</a>]</li> <li>Introduce <code>--enable-system-libraries</code> and <code>--disable-system-libraries</code> flags to <code>extconf.rb</code>. These flags provide the same functionality as <code>--use-system-libraries</code> and the <code>NOKOGIRI_USE_SYSTEM_LIBRARIES</code> environment variable, but are more idiomatic. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2193">#2193</a>] (Thanks, <a href="https://github.com/eregon"><code>@​eregon</code></a>!)</li> <li>[TruffleRuby] <code>--disable-static</code> is now the default on TruffleRuby when the packaged libraries are used. This is more flexible and compiles faster. (Note, though, that the default on TR is still to use system libraries.) [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2191#issuecomment-780724627">#2191</a>, <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2193">#2193</a>] (Thanks, <a href="https://github.com/eregon"><code>@​eregon</code></a>!)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/9d69b44ed3357b8069856083d39ee418cd10109b"><code>9d69b44</code></a> version bump to v1.11.4</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/058e87fdfda2cc2f309df098d18fe8856e785fcc"><code>058e87f</code></a> update CHANGELOG with complete CVE information</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/92852514a0d4621961deb6ce249441ff5140358f"><code>9285251</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2234">#2234</a> from sparklemotion/2233-upgrade-to-libxml-2-9-12</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/5436f6120f883e9f185d48b992f39118a4897760"><code>5436f61</code></a> update CHANGELOG</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/761d320af2872c61b91f7b147cf57481566e3c67"><code>761d320</code></a> patch: renumber libxml2 patches</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/889ee2a9cb1e190bfa664cbf3552585f4d0a09a7"><code>889ee2a</code></a> test: update behavior of namespaces in HTML</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/9751d852c005606447dac7bb17f1a56593014583"><code>9751d85</code></a> test: remove low-value HTML::SAX::PushParser encoding test</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/9fcb7d25eabfab5e701d882e72ecab3b2ea6b13c"><code>9fcb7d2</code></a> test: adjust xpath gc test to libxml2's max recursion depth</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/1c99019f5f1bee23e4bff6cf72871f470097f7b2"><code>1c99019</code></a> patch: backport libxslt configure.ac change for libxml2 config</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/82a253fe7c5bdfab5fbe4c1b0c536b5ce4c72ac3"><code>82a253f</code></a> patch: fix isnan/isinf patch to apply cleanly to libxml 2.9.12</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.10.1...v1.11.4">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+7 -5

1 comment

1 changed file

dependabot[bot]

pr closed time in 5 hours

delete branch techx/hackmit-dayof

delete branch : dependabot/bundler/nokogiri-1.11.4

delete time in 5 hours

pull request commenttechx/hackmit-dayof

Bump nokogiri from 1.10.1 to 1.11.4

Superseded by #12.

dependabot[bot]

comment created time in 5 hours

PR opened techx/hackmit-dayof

Bump nokogiri from 1.10.1 to 1.11.7

Bumps nokogiri from 1.10.1 to 1.11.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's releases</a>.</em></p> <blockquote> <h2>1.11.7 / 2021-06-02</h2> <ul> <li>[CRuby] Backporting an upstream fix to XPath recursion depth limits which impacted some users of complex XPath queries. This issue is present in libxml 2.9.11 and 2.9.12. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2257">#2257</a>]</li> </ul> <h3>Checksums</h3> <p>SHA256:</p> <pre><code>4976a9c9e796527d51dc6c311b9bd93a0233f6a7962a0f569aa5c782461836ef nokogiri-1.11.7.gem 9d69f57f6c024d86e358a8aef7a273f574721e48a6b2e1426cca007827325413 nokogiri-1.11.7-java.gem 6017dee25feb80292b04554cc1bf8a0a2ede3b6c3daeac811902157bbc6a3bdc nokogiri-1.11.7-x64-mingw32.gem 38892350c1e695eab9bd77483300d681c32a22714d0e2d04d10a4c343b424bdd nokogiri-1.11.7-x86-mingw32.gem 1d15603cd878fa2b710a3ba3028a99d9dd0c14b75711faebf9fb6ff40bac3880 nokogiri-1.11.7-x86-linux.gem 7ad9741e7a2fee1ffb4a4b2e20b00e87992c9efd969f557ca3b83fb2653b9bfc nokogiri-1.11.7-x86_64-linux.gem c93d66d9413ea7c37d30f95e2c54606fec638e556d454e08124d9a33b7fa82c8 nokogiri-1.11.7-arm64-darwin.gem 8761d9c7baacb26546869ed56dbc78d3eb3cabf49b85d91b1cd827cd6e94fb25 nokogiri-1.11.7-x86_64-darwin.gem </code></pre> <h2>1.11.6 / 2021-05-26</h2> <h3>Fixed</h3> <ul> <li>[CRuby] <code>DocumentFragment#path</code> now does proper error-checking to handle behavior introduced in libxml > 2.9.10. In v1.11.4 and v1.11.5, calling <code>DocumentFragment#path</code> could result in a segfault.</li> </ul> <h2>1.11.5 / 2021-05-19</h2> <h3>Fixed</h3> <p>[Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs.</p> <p>libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/66">libxml/!66</a>). Early testing caught this segfault on non-Windows platforms (see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2059">#2059</a> and <a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/956534e02ef280795a187c16f6ac04e107f23c5d">libxml@956534e</a>) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs.</p> <p>We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will will continue to configure libxml2 to use Ruby's memory management functions. <code>Nokogiri::VERSION_INFO["libxml"]["memory_management"]</code> will allow you to verify when the default memory management functions are being used. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2241">#2241</a>]</p> <h3>Added</h3> <p><code>Nokogiri::VERSION_INFO["libxml"]</code> now contains the key <code>"memory_management"</code> to declare whether libxml2 is using its <code>default</code> memory management functions, or whether it uses the memory management functions from <code>ruby</code>. See above for more details.</p> <h2>1.11.4 / 2021-05-14</h2> <h3>Security</h3> <p>[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:</p> <ul> <li><a href="https://security.archlinux.org/CVE-2019-20388">CVE-2019-20388</a></li> <li><a href="https://security.archlinux.org/CVE-2020-24977">CVE-2020-24977</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md">nokogiri's changelog</a>.</em></p> <blockquote> <h2>1.11.7 / 2021-06-02</h2> <ul> <li>[CRuby] Backporting an upstream fix to XPath recursion depth limits which impacted some users of complex XPath queries. This issue is present in libxml 2.9.11 and 2.9.12. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2257">#2257</a>]</li> </ul> <h2>1.11.6 / 2021-05-26</h2> <h3>Fixed</h3> <ul> <li>[CRuby] <code>DocumentFragment#path</code> now does proper error-checking to handle behavior introduced in libxml > 2.9.10. In v1.11.4 and v1.11.5, calling <code>DocumentFragment#path</code> could result in a segfault.</li> </ul> <h2>1.11.5 / 2021-05-19</h2> <h3>Fixed</h3> <p>[Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs.</p> <p>libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see <a href="https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/66">libxml/!66</a>). Early testing caught this segfault on non-Windows platforms (see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2059">#2059</a> and <a href="https://gitlab.gnome.org/GNOME/libxml2/-/commit/956534e02ef280795a187c16f6ac04e107f23c5d">libxml@956534e</a>) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs.</p> <p>We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will will continue to configure libxml2 to use Ruby's memory management functions. <code>Nokogiri::VERSION_INFO["libxml"]["memory_management"]</code> will allow you to verify when the default memory management functions are being used. [<a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2241">#2241</a>]</p> <h3>Added</h3> <p><code>Nokogiri::VERSION_INFO["libxml"]</code> now contains the key <code>"memory_management"</code> to declare whether libxml2 is using its <code>default</code> memory management functions, or whether it uses the memory management functions from <code>ruby</code>. See above for more details.</p> <h2>1.11.4 / 2021-05-14</h2> <h3>Security</h3> <p>[CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:</p> <ul> <li><a href="https://security.archlinux.org/CVE-2019-20388">CVE-2019-20388</a></li> <li><a href="https://security.archlinux.org/CVE-2020-24977">CVE-2020-24977</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3517">CVE-2021-3517</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3518">CVE-2021-3518</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3537">CVE-2021-3537</a></li> <li><a href="https://security.archlinux.org/CVE-2021-3541">CVE-2021-3541</a></li> </ul> <p>Note that two additional CVEs were addressed upstream but are not relevant to this release. <a href="https://security.archlinux.org/CVE-2021-3516">CVE-2021-3516</a> via <code>xmllint</code> is not present in Nokogiri, and <a href="https://security.archlinux.org/CVE-2020-7595">CVE-2020-7595</a> has been patched in Nokogiri since v1.10.8 (see <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/1992">#1992</a>).</p> <p>Please see <a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64">nokogiri/GHSA-7rrm-v45f-jp64 </a> or <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2233">#2233</a> for a more complete analysis of these CVEs and patches.</p> <h3>Dependencies</h3> <ul> <li>[CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sparklemotion/nokogiri/commit/0a6681e5de17c2f03b5c7f473e3356dc7490c080"><code>0a6681e</code></a> version bump to v1.11.7</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/de0844c4b346d92dfa022cceeaf53ee9cb3d0712"><code>de0844c</code></a> test: add coverage for xpath recursion depth fix</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/ed38feabcdd8eb48f9f73c82901a3964dc96992e"><code>ed38fea</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2258">#2258</a> from sparklemotion/2257-libxml2-xpath-recursion-limi...</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/1f6c66186e9e197d2acee25137cb4c7af37499f6"><code>1f6c661</code></a> fix: upstream libxml2 bug in calculating xpath query recursion depth</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/a48c305b7cb2bf1c7dc3f5881db23052428342ec"><code>a48c305</code></a> version bump to v1.11.6</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/d7b58c3a2a357b5fcdf10062f526959863c85f8b"><code>d7b58c3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2252">#2252</a> from sparklemotion/2250-doc-frag-path-v1_11_x</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/a1b0e6b617f0333cea7d9b9e4b24749a52cea14b"><code>a1b0e6b</code></a> update CHANGELOG</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/d0f14d1b58f814b61162f8aee393ff1c77bf551e"><code>d0f14d1</code></a> fix: DocumentFragment#path checks for error case in libxml 2.9.11+</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/e43f521caa4b29deba4089bd83ae2709c19c5942"><code>e43f521</code></a> version bump to v1.11.5</li> <li><a href="https://github.com/sparklemotion/nokogiri/commit/42354e479ae5702faa8aaa0e46a771f99fd676e6"><code>42354e4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/sparklemotion/nokogiri/issues/2243">#2243</a> from sparklemotion/flavorjones-v1_11_x-update-tests-...</li> <li>Additional commits viewable in <a href="https://github.com/sparklemotion/nokogiri/compare/v1.10.1...v1.11.7">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+7 -5

0 comment

1 changed file

pr created time in 5 hours