Patch #43841: Update nokogiri to v1.19.1 or later - Redmine

Actions

Copy link

Patch #43841

closed

Update nokogiri to v1.19.1 or later

Added by Katsuya HIDAKA about 4 hours ago. Updated about 4 hours ago.

Status:

Closed

Priority:

Normal

Assignee:

Go MAEDA

Category:

Gems support

Target version:

Description

CI lint is failing because bundle-audit reports a vulnerability in nokogiri 1.18.x (GHSA-wx95-c6cv-8532).
This patch updates the dependency requirement to nokogiri v1.19.1 or later to address it.

Verified that tests pass after the update: https://github.com/farend-biz/redmine-dev/actions/runs/22343849608

diff --git a/Gemfile b/Gemfile
index ca99c15a5..6a8ad4ecf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,7 +9,7 @@ gem "actionpack-xml_parser" 
 gem 'roadie-rails', '~> 3.4.0'
 gem 'marcel'
 gem 'mail', '~> 2.9.0'
-gem 'nokogiri', '~> 1.18.3'
+gem 'nokogiri', '~> 1.19.1'
 gem 'i18n', '~> 1.14.1'
 gem 'rbpdf', '~> 1.21.4'
 gem 'addressable'

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Patch #43841

Update nokogiri to v1.19.1 or later

Updated by Go MAEDA about 4 hours ago