From 83a25716917a0ad82b0a9316358c95964e76822f Mon Sep 17 00:00:00 2001
From: Mike Dalessio <mike.dalessio@gmail.com>
Date: Fri, 15 Mar 2024 18:28:19 -0400
Subject: [PATCH] dep: bump libxml to v2.11.7

Addresses CVE-2024-25062

See related https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
---
 CHANGELOG.md     | 13 +++++++++++++
 dependencies.yml |  7 +++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf86d0e330a..ab8561b6a24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,19 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA
 
 ---
 
+## 1.15.next / unreleased
+
+### Security
+
+* [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See [GHSA-xc9x-jj77-9p9j](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j) for more information.
+
+
+### Dependencies
+
+* [CRuby] Vendored libxml2 is updated to v2.11.7 from v2.11.6. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.7
+
+
+
 ## 1.15.5 / 2023-11-17
 
 ### Dependencies
diff --git a/dependencies.yml b/dependencies.yml
index 8b1760f21cf..1e8cbcae74e 100644
--- a/dependencies.yml
+++ b/dependencies.yml
@@ -1,8 +1,7 @@
-
 libxml2:
-  version: "2.11.6"
-  sha256: "c90eee7506764abbe07bb616b82da452529609815aefef423d66ef080eb0c300"
-  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.11/libxml2-2.11.6.sha256sum
+  version: "2.11.7"
+  sha256: "fb27720e25eaf457f94fd3d7189bcf2626c6dccf4201553bc8874d50e3560162"
+  # sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.11/libxml2-2.11.7.sha256sum
 
 libxslt:
   version: "1.1.39"