Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade nokogiri to 1.10.5 #12735

Merged
merged 2 commits into from Nov 18, 2019
Merged

Upgrade nokogiri to 1.10.5 #12735

merged 2 commits into from Nov 18, 2019

Conversation

ferristseng
Copy link
Contributor

Resolves a security warning:

Name: nokogiri
Version: 1.10.4
Advisory: CVE-2019-13117
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Title: Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Solution: upgrade to >= 1.10.5

Description

Upgrades nokogiri to 1.10.5, which updates the included libxml dependency that contained a couple of vulnerabilities. I wouldn't expect any breakages

See: sparklemotion/nokogiri#1943

@pkarman pkarman added the Ready-to-Merge This PR is ready to be merged and will be picked up by va-bot to automatically merge to master label Nov 18, 2019
pkarman
pkarman approved these changes Nov 18, 2019
View reviewed changes
Copy link
Contributor

@pkarman pkarman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@codeclimate
Copy link

codeclimate bot commented Nov 18, 2019
edited

Code Climate has analyzed commit 89025bb and detected 0 issues on this pull request.

View more on Code Climate.

@va-bot va-bot merged commit aa0f1f7 into master Nov 18, 2019
@va-bot va-bot deleted the ftseng-nokogiri-1.10.5 branch November 18, 2019 16:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pkarman pkarman pkarman approved these changes

Assignees
No one assigned
Labels
Ready-to-Merge This PR is ready to be merged and will be picked up by va-bot to automatically merge to master
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ferristseng @pkarman @va-bot