ODNZSL / nzsl-online

New Zealand Sign Language Dictionary
GNU General Public License v3.0
40 stars 11 forks source link

chore(deps): update dependency nokogiri to ~> 1.12.0 [security] - autoclosed #1409

Closed renovate[bot] closed 3 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Update Change
nokogiri minor ~> 1.11.1 -> ~> 1.12.0

GitHub Vulnerability Alerts

CVE-2021-41098

Severity

The Nokogiri maintainers have evaluated this as High Severity 7.5 (CVSS3.0) for JRuby users. (This security advisory does not apply to CRuby users.)

Impact

In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default.

Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected:

Mitigation

JRuby users should upgrade to Nokogiri v1.12.5 or later. There are no workarounds available for v1.12.4 or earlier.

CRuby users are not affected.


Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.