This repository has been archived by the owner on Jun 30, 2021. It is now read-only.
🚨 [security] [ruby] Update nokogiri: 1.10.3 → 1.10.4 (patch) #317
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your version of nokogiri has known security vulnerabilities 🚨
Advisory: CVE-2019-5477
Disclosed: August 11, 2019
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Nokogiri Command Injection Vulnerability
🚨 We recommend to merge and deploy this update as soon as possible! 🚨
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Commits
See the full diff on Github. The new version differs by 9 commits:
version bump to v1.10.4
Merge branch '1915-css-tokenizer-load-file-vulnerability_v1.10.x' into v1.10.x
update CHANGELOG
regenerate lexical scanner using rexical 1.0.7
eliminate `eval` from Builder#initialize
rufo formatting
rubocop security scan is run as part of the `test` rake target
add rubocop as a dev dependency
adding a temporary pipeline for v1.10.x
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands