Bump nokogiri from 1.18.2 to 1.18.3 in the bundler group

[dependabot]

Bumps the bundler group with 1 update: nokogiri.

Updates nokogiri from 1.18.2 to 1.18.3

Release notes

Sourced from nokogiri's releases.

v1.18.3 / 2025-02-18

Security

• [CRuby] Vendored libxml2 is updated to v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. See GHSA-vvfq-8hwr-qm4m for more information.

cab20305133078a8f6b60cf96311b48319175038cc7772e5ec586ff624cb7838  nokogiri-1.18.3-aarch64-linux-gnu.gem
acb256bb3213a180b1ed84a49c06d5d4c6c1da26f33bc9681f1fece4dab09a79  nokogiri-1.18.3-aarch64-linux-musl.gem
ce088965cd424b8e752d82087dcf017069d55791f157098ed1f671d966857610  nokogiri-1.18.3-arm64-darwin.gem
37b73a55e0d1e8a058a24abb16868903e81cb4773049739c532b864f87236b1b  nokogiri-1.18.3-arm-linux-gnu.gem
09407970cd13736cf87e975fae69c13e1178bab0313d07b35580ee4dd3650793  nokogiri-1.18.3-arm-linux-musl.gem
6b9fc3b14fd0cedd21f6cad8cf565123ba7401e56b5d0aec180c23cdca28fd5a  nokogiri-1.18.3.gem
236078c5f80ffc3d49c223fa98933d970543455403f9d672ca0aa5a6178a84fe  nokogiri-1.18.3-java.gem
216be1cb454c4657fc64747e5ae32b2ab4015843183766f238e4f4a62fb1f6be  nokogiri-1.18.3-x64-mingw-ucrt.gem
d729406bb5a7b1bbe7ed3c0922336dd2c46085ed444d6de2a0a4c33950a4edea  nokogiri-1.18.3-x86_64-darwin.gem
3c7ad5cee39855ed9c746065f39b584b9fd2aaff61df02d0f85ba8d671bbe497  nokogiri-1.18.3-x86_64-linux-gnu.gem
8aaecc22c0e5f12dac613e15f9a04059c3ec859d6f98f493cc831bd88fe8e731  nokogiri-1.18.3-x86_64-linux-musl.gem

Changelog

Sourced from nokogiri's changelog.

v1.18.3 / 2025-02-18

Security

• [CRuby] Vendored libxml2 is updated v2.13.6 to address CVE-2025-24928 and CVE-2024-56171. Nokogiri's maintainers believe these vulnerabilities do not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.

Commits

• fd3ca2e version bump to v1.18.3
• a8c526a dep: update libxml2 to v2.13.6 (#3437)
• 0847cf8 ci: tired of waiting for gnome mirrors
• 11945c8 dep: update libxml2 to v2.13.6
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.