Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency nokogiri to v1.18.3 [security] #2870

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency nokogiri to v1.18.3 [security] #2870

wants to merge 1 commit into from
+3 −3

Conversation

renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Feb 18, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
nokogiri 1.16.5 -> 1.18.3 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-vvfq-8hwr-qm4m

Summary

Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6.

libxml2 v2.13.6 addresses:

Impact

CVE-2025-24928

Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix.

CVE-2024-56171

Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of xsd:keyref in combination with recursively defined types that have additional identity constraints.

GHSA-5mwf-688x-mr7x

Summary

Nokogiri v1.18.3 upgrades its dependency libxml2 to
v2.13.6.

libxml2 v2.13.6 addresses:

Impact

CVE-2025-24928

Stack-buffer overflow is possible when reporting DTD validation
errors if the input contains a long (~3kb) QName prefix.

CVE-2024-56171

Use-after-free is possible during validation against untrusted
XML Schemas (.xsd) and, potentially, validation of untrusted documents
against trusted Schemas if they make use of xsd:keyref in combination
with recursively defined types that have additional identity constraints.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@dpebot
Copy link
Collaborator

dpebot commented Feb 18, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from a2fecb3 to 30706de Compare February 18, 2025 23:34
@dpebot
Copy link
Collaborator

dpebot commented Feb 18, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 30706de to e615c45 Compare February 18, 2025 23:53
@dpebot
Copy link
Collaborator

dpebot commented Feb 18, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from e615c45 to 2f83754 Compare February 19, 2025 00:00
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 2f83754 to fb2156a Compare February 19, 2025 00:08
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from fb2156a to c19a58f Compare February 19, 2025 00:51
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from c19a58f to d14adaa Compare February 19, 2025 18:25
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from d14adaa to 9713a0f Compare February 19, 2025 18:34
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 9713a0f to 4596dc1 Compare February 19, 2025 19:28
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 4596dc1 to bb559eb Compare February 19, 2025 20:37
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from bb559eb to a641270 Compare February 19, 2025 22:33
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from a641270 to b9deb61 Compare February 19, 2025 22:59
@dpebot
Copy link
Collaborator

dpebot commented Feb 19, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from b9deb61 to ab7a5d7 Compare February 20, 2025 02:26
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from ab7a5d7 to 5de102e Compare February 20, 2025 18:10
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 5de102e to 7173d74 Compare February 20, 2025 19:04
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 7173d74 to cbf205a Compare February 20, 2025 20:11
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from cbf205a to 3e6e649 Compare February 20, 2025 20:31
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 3e6e649 to 416d1fa Compare February 20, 2025 21:19
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 416d1fa to 583700b Compare February 20, 2025 22:03
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

@renovate-bot renovate-bot force-pushed the renovate/data-rubygems-nokogiri-vulnerability branch from 583700b to 6251773 Compare February 20, 2025 22:38
@dpebot
Copy link
Collaborator

dpebot commented Feb 20, 2025

/gcbrun

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bharathkkb bharathkkb Awaiting requested review from bharathkkb bharathkkb is a code owner

@g-awmalik g-awmalik Awaiting requested review from g-awmalik g-awmalik is a code owner

@apeabody apeabody Awaiting requested review from apeabody apeabody is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
type:security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renovate-bot @dpebot