Patch #43841

Update nokogiri to v1.19.1 or later

Added by Katsuya HIDAKA about 4 hours ago. Updated about 4 hours ago.

Status: Closed
Priority: Normal
Assignee:
Category: Gems support
Target version: -

Description

CI lint is failing because bundle-audit reports a vulnerability in nokogiri 1.18.x (GHSA-wx95-c6cv-8532).
This patch updates the dependency requirement to nokogiri v1.19.1 or later to address it.

Verified that tests pass after the update: https://github.com/farend-biz/redmine-dev/actions/runs/22343849608

diff --git a/Gemfile b/Gemfile
index ca99c15a5..6a8ad4ecf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ gem "actionpack-xml_parser" 
 gem 'roadie-rails', '~> 3.4.0'
 gem 'marcel'
 gem 'mail', '~> 2.9.0'
-gem 'nokogiri', '~> 1.18.3'
+gem 'nokogiri', '~> 1.19.1'
 gem 'i18n', '~> 1.14.1'
 gem 'rbpdf', '~> 1.21.4'
 gem 'addressable'
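
Review bot: The new line `gem 'nokogiri', '~> 1.19.1'` has no comment recording why the floor was raised, and the pessimistic operator limits it to >= 1.19.1 and < 1.20, which is narrower than the "v1.19.1 or later" in the patch title. Suggest a one-line comment above it naming GHSA-wx95-c6cv-8532 so a later constraint change does not fall back to 1.18.x, and wording the title as "1.19.x (1.19.1 or later)" to match the `~>` style the neighbouring lines already use.
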
#1

Updated by Go MAEDA about 4 hours ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA

I have updated Gemfile in r24456, r24457, and r24458. Thank you.
