Update Ruby dependencies to address nokogiri issue #23461

Merged
merged 1 commit into from
Aug 5, 2024

@jkmassel jkmassel commented Aug 1, 2024

Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6.

libxml2 v2.12.7 addresses CVE-2024-34459:

described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53

Fixes https://github.com/wordpress-mobile/WordPress-iOS/security/dependabot/27

@jkmassel jkmassel added the Tooling Build, Release, and Validation Tools label Aug 1, 2024
@jkmassel jkmassel requested a review from a team August 1, 2024 16:59
@jkmassel jkmassel self-assigned this Aug 1, 2024
@jkmassel jkmassel enabled auto-merge August 1, 2024 16:59
@jkmassel jkmassel added this to the Pending milestone Aug 1, 2024
@wpmobilebot

Jetpack Alpha📲 You can test the changes from this Pull Request in Jetpack Alpha by scanning the QR code below to install the corresponding build.
App Name: Jetpack Alpha
Configuration: Release-Alpha
Build Number: pr23461-666b15e
Version: 25.2
Bundle ID: com.jetpack.alpha
Commit: 666b15e
App Center Build: jetpack-installable-builds #9447
Automatticians: You can use our internal self-serve MC tool to give yourself access to App Center if needed.

@wpmobilebot

WordPress Alpha📲 You can test the changes from this Pull Request in WordPress Alpha by scanning the QR code below to install the corresponding build.
App Name: WordPress Alpha
Configuration: Release-Alpha
Build Number: pr23461-666b15e
Version: 25.2
Bundle ID: org.wordpress.alpha
Commit: 666b15e
App Center Build: WPiOS - One-Offs #10405
Automatticians: You can use our internal self-serve MC tool to give yourself access to App Center if needed.

@AliSoftware AliSoftware left a comment

Looking good 👍

💡 💭 @jkmassel You might want to apply a similar update on WordPressAuthenticator-iOS while at it.

I noticed there was a quite old PR created by dependabot for bumping nokogiri on that repo already, but it's quite outdated and for an even older version; not sure why dependabot wasn't able to auto-create a PR for this alert in that other repo 🤷

@jkmassel jkmassel added this pull request to the merge queue Aug 5, 2024
Merged via the queue into trunk with commit 3b31548 Aug 5, 2024
26 checks passed
@jkmassel jkmassel deleted the update/nokogiri branch August 5, 2024 13:40