dep: update libxml2 to v2.12.5

flavorjones · flavorjones · commit 0d4018dc7009 · 2024-02-04T10:38:55.000-05:00
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5 This addresses CVE-2024-25062, for more information see: GHSA-xc9x-jj77-9p9j
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,18 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA
 
 ---
 
+## v1.16.next / unreleased
+
+### Security
+
+* [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See [GHSA-xc9x-jj77-9p9j](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j) for more information.
+
+
+### Dependencies
+
+* [CRuby] Vendored libxml2 is updated to [v2.12.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5) from v2.12.4. (@flavorjones)
+
+
 ## v1.16.1 / 2024-02-03
 
 ### Dependencies
diff --git a/dependencies.yml b/dependencies.yml
@@ -1,8 +1,8 @@
 
 libxml2:
-  version: "2.12.4"
-  sha256: "497360e423cf0bd99eacdb7c6215dea92e6d6e89ee940393c2bae0e77cb9b7d0"
-  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.4.sha256sum
+  version: "2.12.5"
+  sha256: "a972796696afd38073e0f59c283c3a2f5a560b5268b4babc391b286166526b21"
+  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.5.sha256sum
 
 libxslt:
   version: "1.1.39"
