Merge pull request #747 from github/upgrade-nokogiri

Upgrade nokogiri to 1.16.5 to address CVE-2024-34459
licensee · Oct 4, 2024 · 3235541 · 3235541
2 parents 1fb7b24 + 543c491
commit 3235541
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 4 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -138,7 +138,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [ '2.7', '3.0', '3.1', '3.2' ]
+        ruby: [ '3.0', '3.1', '3.2' ]
     steps:
     - uses: actions/checkout@v4
     - name: Set up Ruby

diff --git a/.licenses/bundler/nokogiri.dep.yml b/.licenses/bundler/nokogiri.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: nokogiri
-version: 1.15.6
+version: 1.16.5
 type: bundler
 summary: Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby.
 homepage: https://nokogiri.org

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Breaking change
+
+- Only supports Ruby 3.0+ due to nokogiri upgrade
+
 ### Changed
 
 - Ensure homepage string is not too long in cabal.rb to avoid DOS attack

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -54,7 +54,7 @@ GEM
     mocha (2.4.5)
       ruby2_keywords (>= 0.0.5)
     mutex_m (0.2.0)
-    nokogiri (1.15.6)
+    nokogiri (1.16.5)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     octokit (6.1.0)

diff --git a/licensed.gemspec b/licensed.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.7.0"
+  spec.required_ruby_version = ">= 3.0.0"
 
   spec.add_dependency "licensee", "~> 9.16"
   spec.add_dependency "thor", "~> 1.2"