sadovnik / reader

A simple feed reader app https://reader-app.herokuapp.com

🚨 [security] Update nokogiri: 1.10.2 → 1.10.4 (patch) #212

Closed depfu[bot] closed 5 years ago

depfu[bot] commented 5 years ago

🚨 Your version of nokogiri has known security vulnerabilities 🚨

Advisory: CVE-2019-5477
Disclosed: August 11, 2019
URL: https://github.com/sparklemotion/nokogiri/issues/1915

Nokogiri Command Injection Vulnerability

🚨 We recommend merging and deploying this update as soon as possible! 🚨


Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ nokogiri (1.10.2 → 1.10.4) · Repo · Changelog

Release Notes

1.10.3

1.10.3 / 2019-04-22

Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 14 commits:


Depfu Status

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

- `@depfu rebase` – Rebases against your default branch and redoes this update
- `@depfu merge` – Merges this PR once your tests are passing and conflicts are resolved
- `@depfu close` – Closes this PR and deletes the branch
- `@depfu reopen` – Restores the branch and reopens this PR (if it's closed)
- `@depfu pause` – Ignores all future updates for this dependency and closes this PR
- `@depfu pause [minor|major]` – Ignores all future minor/major updates for this dependency and closes this PR
- `@depfu resume` – Future versions of this dependency will create PRs again (leaves this PR as is)

depfu[bot] commented 5 years ago

Closed in favor of #220.