Update 2 files
closes #284 (closed)
The actual advisory for nokogiri lives at https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/gem/nokogiri/GMS-2023-1115.yml
It hasn't been assigned a CVE, only a GitHub advisory.
It was created to reflect these CVEs associated with its libxml2
dependency:
CVE-2023-29469: Hashing of empty dict strings isn't deterministic CVE-2023-28484: Fix null deref in xmlSchemaFixupComplexType
keep
The actual advisory for nokogiri lives at https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/gem/nokogiri/GMS-2023-1115.yml
should be invalidated
https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/gem/nokogiri/CVE-2023-28484.yml
should be invalidated
https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/gem/nokogiri/CVE-2023-29469.yml