Closed AliSoftware closed 2 months ago
📲 You can test the changes from this Pull Request in Simplenote Android by scanning the QR code below to install the corresponding build.
App Name | Simplenote Android
Build Type | Debug
Commit | 30a35ecc2d8cce1380146a3d8d24ee2f722c0f33
Direct Download | simplenote-android-prototype-build-pr1677-30a35ec-01914595-0da3-42c9-b2ca-9ffc968fe9e2.apk
Note that while this PR fixed the rexml-related CVEs, there's currently one remaining CVE about nokogiri still open.
Fixing it will require updating release-toolkit to a newer version, as nokogiri is a dependency of it and that's where the version constraint on it comes from. Since there's already a WIP PR to update release-toolkit in https://github.com/Automattic/simplenote-android/pull/1676, that last CVE should be fixed once that other PR lands.
This should address most of the currently opened Dependabot alerts about Ruby gems—in particular about rexml