dep: bump Nokogiri dependency to address the foreign style issue
flavorjones committed Nov 30, 2024
1 parent cd18b0e commit b0220b8
Showing 3 changed files with 9 additions and 21 deletions.
4 changes: 0 additions & 4 deletions Gemfile
@@ -14,7 +14,3 @@ group :rubocop do
gem "rubocop-performance", require: false
gem "rubocop-rails", require: false
end

# specify gem versions for old rubies
gem "nokogiri", ">= 1.7"
gem "activesupport", ">= 5"
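Review bot: dropping `gem "activesupport", ">= 5"` together with the nokogiri pin goes beyond what the commit message describes (a Nokogiri bump for the foreign style issue); either say in the message why the activesupport floor for old rubies is no longer needed, or split it into its own commit. Removing `gem "nokogiri", ">= 1.7"` itself is fine, since the gemspec now carries a stricter floor.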
18 changes: 4 additions & 14 deletions Gemfile.lock
@@ -3,7 +3,7 @@ PATH
specs:
rails-html-sanitizer (1.6.0)
loofah (~> 2.21)
nokogiri (~> 1.14)
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)

GEM
remote: https://rubygems.org/
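Review bot: the expanded nokogiri requirement matches the gemspec, but the PATH entry still reads `rails-html-sanitizer (1.6.0)`; already-installed copies of 1.6.0 carry the old `~> 1.14` requirement, so downstream users only get this floor once a new version is cut and released. Worth noting in the commit message that a release is needed for the constraint to take effect.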
@@ -34,18 +34,10 @@ GEM
loofah (2.22.0)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
mini_portile2 (2.8.8)
minitest (5.24.1)
nokogiri (1.16.7-aarch64-linux)
racc (~> 1.4)
nokogiri (1.16.7-arm-linux)
racc (~> 1.4)
nokogiri (1.16.7-arm64-darwin)
racc (~> 1.4)
nokogiri (1.16.7-x86-linux)
racc (~> 1.4)
nokogiri (1.16.7-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.16.7-x86_64-linux)
nokogiri (1.16.8)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
parallel (1.26.2)
parser (3.3.4.2)
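Review bot: the re-lock replaced every precompiled `nokogiri (1.16.7-<platform>)` entry with the plain `nokogiri (1.16.8)` gem plus `mini_portile2 (2.8.8)`, so installs from this lockfile now build libxml2 from source even on platforms that remain listed under PLATFORMS (for example `x86_64-linux`). If that is not intended, re-run `bundle lock` with the native platforms added so the 1.16.8 precompiled gems are selected; building from source is slower in CI and changes which libxml2 build the test suite exercises.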
@@ -98,9 +90,7 @@ PLATFORMS
x86_64-linux

DEPENDENCIES
activesupport (>= 5)
minitest
nokogiri (>= 1.7)
rails-html-sanitizer!
rake
rubocop (>= 1.25.1)
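Review bot: `activesupport (>= 5)` is gone from DEPENDENCIES, so anything under test/ that still requires active_support is now resolved only transitively through another gem, or not at all; confirm the suite loads on a clean bundle before merging. Removing `nokogiri (>= 1.7)` here is expected, since the gemspec requirement supersedes it.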
8 changes: 5 additions & 3 deletions rails-html-sanitizer.gemspec
@@ -26,8 +26,10 @@ Gem::Specification.new do |spec|
spec.test_files = Dir["test/**/*"]
spec.require_paths = ["lib"]

# NOTE: There's no need to update dependencies for CVEs in minor releases
# when users can simply run `bundle update loofah`.
spec.add_dependency "loofah", "~> 2.21"
spec.add_dependency "nokogiri", "~> 1.14"

# A fix was shipped in nokogiri v1.15.7 and v1.16.8 without which there is a vulnerability in this gem.
spec.add_dependency "nokogiri", [">=1.15.7",
"!=1.16.0", "!=1.16.0.rc1", "!=1.16.1", "!=1.16.2", "!=1.16.3",
"!=1.16.4", "!=1.16.5", "!=1.16.6", "!=1.16.7"]
end
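Review bot: the new requirement drops the upper bound that `~> 1.14` implied (`< 2.0`), so a future nokogiri 2.x would satisfy `>=1.15.7` with the listed exclusions; if that is not intended, add `"< 2"` to the array. The comment explaining the fix should also cite the advisory that the v1.15.7 / v1.16.8 fix corresponds to, and the NOTE just above it (`There's no need to update dependencies for CVEs in minor releases`) now reads as contradicted by this change; it should state why this case differs, namely that without the fix the vulnerability is in this gem's own behaviour rather than something `bundle update` alone resolves.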
