Update nokogiri to 1.11

SlatherOrg / slather

Generate test coverage reports for Xcode projects & hook it into CI.

MIT License

1.55k stars 236 forks source link

Update nokogiri to 1.11 #473

Closed ashin-omg closed 3 years ago

ashin-omg commented 3 years ago

Nokogiri < 1.11 is vulnerable to XML External Entity (XXE) Injection https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-1055008

coveralls commented 3 years ago

Coverage remained the same at 95.558% when pulling da077e500abe1d57187bbf8c06413b59412ce531 on ashin-omg:patch-1 into 2c336ee821caa6ecdebcd5f67cb86124f752f154 on SlatherOrg:master.

matcartmill commented 3 years ago

@ksuther can this get reviewed when you have a moment? My security team gets a digest of all issues reported and this one is flagged. Would love to tell them it's in progress.

Thanks.

danl3v commented 3 years ago

This would be great to have in. Thanks!

matcartmill commented 3 years ago

@ksuther can we get an update please?

ksuther commented 3 years ago

Thanks for the PR! I'll make a new release in the next week or so as well.