🚨 [security] Update nokogiri: 1.10.7 → 1.10.8 (patch) #67
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your version of nokogiri has known security vulnerabilities 🚨
Advisory: CVE-2020-7595
Disclosed: February 10, 2020
URL: https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7595.html
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
🚨 We recommend to merge and deploy this update as soon as possible! 🚨
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ nokogiri (1.10.7 → 1.10.8) · Repo · Changelog
Release Notes
1.10.8
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 5 commits:
version bump to v1.10.8
update CHANGELOG for v1.10.8
remove patches from the hoe Manifest
update to use rake-compiler ~1.1.0
backport libxml2 patch for CVE-2020-7595
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands