Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrading nokogiri gem due to security vulnerability #256

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Commits on Apr 23, 2018

  1. Upgrading nokogiri gem due to security vulnerability

    Note that this upgrade changes minimum required ruby version from
    1.9.3-p551 to 2.1.8.
    
    ```
    $ bundle audit check
    Name: nokogiri
    Version: 1.6.8.1
    Advisory: CVE-2016-4658
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1615
    Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
    Solution: upgrade to >= 1.7.1
    
    Name: nokogiri
    Version: 1.6.8.1
    Advisory: CVE-2017-5029
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1634
    Title: Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
    Solution: upgrade to >= 1.7.2
    
    Name: nokogiri
    Version: 1.6.8.1
    Advisory: CVE-2016-4658
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1615
    Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
    Solution: upgrade to >= 1.7.1
    
    Name: nokogiri
    Version: 1.6.8.1
    Advisory: CVE-2017-5029
    Criticality: Unknown
    URL: sparklemotion/nokogiri#1634
    Title: Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
    Solution: upgrade to >= 1.7.2
    
    Vulnerabilities found!
    ```
    juchem committed Apr 23, 2018
    Configuration menu
    Copy the full SHA
    fa1cb60 View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    7ba5388 View commit details
    Browse the repository at this point in the history