technicalpickles / jeweler

Opinionated tool for creating and managing Rubygem projects
MIT License

Upgrade github_api dependency to 0.16.0 to relax dependency on nokogiri #300

Closed cbliard closed 7 years ago

cbliard commented 7 years ago

Wanting to upgrade nokogiri to 1.7.1 to fix the latest libxml2 vulnerabilities, this was not possible due to the dependency on github_api 0.11.0, which depends on nokogiri ~> 1.6.0.

Upgrading to github_api 0.16.0 fixes this issue, as the nokogiri dependency was removed in 0.13.1.

coveralls commented 7 years ago

Coverage remained the same at 88.538% when pulling 3793d7f7065c8f84cd20b297e72b5a5a64e4cd65 on hiptest:use_github_api_16 into 20ae6a869ac588d479774cb60df896cd6138a6bb on technicalpickles:master.

flajann2 commented 7 years ago

Thanks.

grrrisu commented 7 years ago

Any plan to release this security fix?

flajann2 commented 7 years ago

Released.