Update nokogiri gem from 1.11.1 to 1.11.5 (!3534) · Merge requests · GitLab.org / gitaly · GitLab

Takuya Noguchi requested to merge update-nokogiri-to-1.11.5 into master May 24, 2021

Updates nokogiri gem from 1.11.1 to 1.11.5 to address CVE-2019-20388, CVE-2020-24977, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541. See https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64 for details of these vulnerabilities.

nokogiri gem is used through gitlab-gollum-lib gem to render GitLab Wikis.

Upstream update in full diff: https://github.com/sparklemotion/nokogiri/compare/v1.11.1...v1.11.5

Signed-off-by: Takuya Noguchi takninnovationresearch@gmail.com

Edited May 26, 2021 by Takuya Noguchi