Skip to content

dep: update libxml2 to v2.13.6 (main branch) #3438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 19, 2025
Merged

dep: update libxml2 to v2.13.6 (main branch) #3438

merged 3 commits into from
Feb 19, 2025

Conversation

flavorjones
Copy link
Member

What problem is this PR intended to solve?

Forward-port #3437 to main.

@flavorjones flavorjones force-pushed the flavorjones-dep-libxml-2.13.6_main branch from fd38270 to 4374b2b Compare February 19, 2025 14:30
@flavorjones flavorjones merged commit 130b173 into main Feb 19, 2025
146 checks passed
@flavorjones flavorjones deleted the flavorjones-dep-libxml-2.13.6_main branch February 19, 2025 17:13
@flavorjones flavorjones mentioned this pull request Feb 24, 2025
Merged
flavorjones added a commit that referenced this pull request Mar 2, 2025
@flavorjones
dep: update libxml2 to v2.13.6 (v1.17.x branch) (#3448)
ee5e835 
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6

See related #3437 and #3438

I'm not making any kind of statement or promises about whether I'll cut
security releases for v1.17.x in the future. I'm doing this because
Mastodon 4.2 still supports Ruby 3.0 and its dependency on ruby-saml
makes it potentially impacted by the underlying libxml2 fixes.

I know somebody out there, somewhere, is going to say "I'll stay on Ruby
3.0 if Mike is going to keep cutting security updates", and hoo boy that
is NOT a bet you should be making. I am the most enthusiastic supporter
of "dropping support for EOL versions of Ruby" that you will ever meet,
and this is NOT going to continue.

I know somebody out there, somewhere, is going to try to convince me
that because I made this one security update, I'm somehow _obligated_ to
continue supporting the v1.17.x branch. If you feel the urge to send me
a message like that, please restrain yourself and do not make me regret
doing this thing.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
vendored/libxml2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@flavorjones