[CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for more information.
[CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See GHSA-cgx6-hpwq-fhv5 for more information.
Note this gem uses nokogiri only for running the tests and it is never used in the gem itself. These security advisors should not pose a risk to users of the gem.
hsanson
commented
2 years ago
Security advisor on nokogiri 1.13.4:
Note this gem uses nokogiri only for running the tests and it is never used in the gem itself. These security advisors should not pose a risk to users of the gem.