Update Nokogiri to version >= 1.14.3 - Githubissues

SlatherOrg / slather

Generate test coverage reports for Xcode projects & hook it into CI.

MIT License

1.55k stars 233 forks source link

Update Nokogiri to version >= 1.14.3 #538

Closed alfredocadiz-oviva closed 9 months ago

alfredocadiz-oviva commented 1 year ago

Hi!

There are some libxml2 vulnerabilities that are resolved in the latest Nokogiri release:

CVE-2023-29469: Hashing of empty dict strings isn't deterministic
CVE-2023-28484: Fix null deref in xmlSchemaFixupComplexType
Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

The proposed mitigation action is updating Nokogiri dependency to >= 1.14.3. Is it possible to this for Slather?