Automattic / simplenote-android

Simplenote for Android
https://simplenote.com
GNU General Public License v2.0
1.78k stars 301 forks

[Tooling] Update Ruby Dependencies #1677

Closed AliSoftware closed 2 months ago

AliSoftware commented 2 months ago

This should address most of the currently opened Dependabot alerts about Ruby gems—in particular about rexml

wpmobilebot commented 2 months ago

📲 You can test the changes from this Pull Request in Simplenote Android by scanning the QR code below to install the corresponding build.

App Name: Simplenote Android
Build Type: Debug
Commit: 30a35ecc2d8cce1380146a3d8d24ee2f722c0f33
Direct Download: simplenote-android-prototype-build-pr1677-30a35ec-01914595-0da3-42c9-b2ca-9ffc968fe9e2.apk

AliSoftware commented 2 months ago

Note that while this PR fixed the rexml-related CVEs, there's currently one remaining CVE about nokogiri still open.

Fixing it will require updating release-toolkit to a newer version, as nokogiri is a dependency of it and that's where the version constraint on it comes from. Since there's already a WIP PR to update release-toolkit in https://github.com/Automattic/simplenote-android/pull/1676, that last CVE should be fixed once that other PR lands.