Hello,
I'm using slather (latest released version) and noticed that it pulls in nokogiri 1.18.6 in my environment. That nokogiri version is affected by the advisory GHSA-353f-x4gh-cqq8
$ bundle info nokogiri
Would it be possible to update this dependency on the fixed 1.18.9 version on your side?
Thanks a lot, have a great day.
Hello,
I'm using slather (latest released version) and noticed that it pulls in nokogiri 1.18.6 in my environment. That nokogiri version is affected by the advisory GHSA-353f-x4gh-cqq8
$ bundle info nokogiri
Summary: Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby.
Homepage: https://nokogiri.org
Documentation: https://nokogiri.org/rdoc/index.html
Source Code: https://github.com/sparklemotion/nokogiri
Changelog: https://nokogiri.org/CHANGELOG.html
Bug Tracker: https://github.com/sparklemotion/nokogiri/issues
Path: [REDACTED]/lib/ruby/gems/3.4.0/gems/nokogiri-1.18.6-arm64-darwin
Reverse Dependencies:
slather (2.8.5) depends on nokogiri (>= 1.14.3)
Would it be possible to update this dependency on the fixed 1.18.9 version on your side?
Thanks a lot, have a great day.