Why?
nokogiri is a gem for parsing HTML, XML, SAX, and Reader.
Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type due to incorrectly checking the types of arguments to various constructors in HTML4::SAX and XML::SAX, which causes a segmentation fault.
What?
What does this PR change, and how does that solve the problem noted above? Call out any related changes, and add before-and-after screenshots for UI updates.
Caveats
Are there downsides or side-effects that should be weighed against this update? Any lingering unknowns or things you can’t test without production data or traffic?
Testing Notes
Is any special setup required to test this change? Non-obvious things that should be checked?
A list of things to test:
[ ] Test item 1
[ ] Test item 2
[ ] Test item 3
Alternatives Considered
Were there other approaches or solutions to this problem which you considered? Why were they not chosen?
Further Reading
Were there articles or StackOverflow answers you found especially eye-opening when working on this? Slack conversation around this? Provide a link to the thread.
https://tractionguest.atlassian.net/browse/SST-19671
Merge Instructions
Please DO NOT squash my commits when merging