Open Janell-Huyck opened 8 months ago
I do not see a specific 1.x version pinned anywhere, though we are currently pinned to <2.x.
Bundler-audit error messages:
Name: nokogiri
Version: 1.13.8
GHSA: GHSA-2qc6-mcvw-92cw
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
Title: Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Solution: upgrade to '>= 1.13.9'

Name: nokogiri
Version: 1.13.8
GHSA: GHSA-pxvg-2qj5-37jq
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq
Title: Update packaged libxml2 to v2.10.4 to resolve multiple CVEs
Solution: upgrade to '>= 1.14.3'

Name: nokogiri
Version: 1.13.8
CVE: CVE-2022-23476
GHSA: GHSA-qv4q-mr5r-qprj
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
Title: Unchecked return value from xmlTextReaderExpand
Solution: upgrade to '>= 1.13.10'