Update Nokogiri to v1.12.5 (!77631) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-update-nokogiri into master Jan 06, 2022

What does this MR do and why?

This addresses a CVE that is only relevant to JRuby users (https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#1125--2021-09-27), but this gem is still flagged by security scanners.

Full diff: https://my.diffend.io/gems/nokogiri/1.11.4/1.12.5

Some other dependency updates:

ruby-magic https://my.diffend.io/gems/ruby-magic/0.4.0/0.5.3
racc diff: https://my.diffend.io/gems/racc/1.5.2/1.6.0
mini_portile2: https://my.diffend.io/gems/mini_portile2/2.5.0/2.6.1

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jan 06, 2022 by Stan Hu

Update Nokogiri to v1.12.5

What does this MR do and why?

MR acceptance checklist

Merge request reports