spree / deface

Rails plugin that allows you to customize ERB views in a Rails application without editing the underlying view.
MIT License

Deface requires vulnerable version of nokogiri #170

Closed hxegon closed 7 years ago

hxegon commented 7 years ago

I found this with bundle audit using 1.0.2, but the new versions also require nokogiri ~> 1.6.x, which is vulnerable.

More info here: https://github.com/sparklemotion/nokogiri/issues/1582

domcleal commented 7 years ago

Newer versions (i.e. deface 1.2.0) require ~> 1.6, which permits the very latest version of nokogiri, 1.7.1.