Skip to content
This repository has been archived by the owner on Aug 27, 2019. It is now read-only.

bundle update #12

Merged
merged 1 commit into from
Aug 17, 2019
Merged

bundle update #12

merged 1 commit into from
Aug 17, 2019

Conversation

touhouota
Copy link
Owner

  • nokogiri
    • CHANGELOG

      • Security

        Address CVE-2019-5477 (#1915)

        • A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

        • This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

        • This CVE's public notice is CVE-2019-5477 - Nokogiri Command Injection Vulnerability sparklemotion/nokogiri#1915

    • Compare URL

  • rubocop-rails
    • CHANGELOG

      New features

      Bug fixes

      • #53: Fix a false positive for Rails/SaveBang when implicitly return using finder method and creation method connected by ||. ([@koic][])
      • #97: Fix two false negatives for Rails/EnumUniqueness. 1. When enum name is not a literal. 2. When enum has multiple definitions. ([@santib][])

      Changes

@touhouota touhouota merged commit b0bf1e0 into develop Aug 17, 2019
@touhouota touhouota deleted the bundle_update branch August 17, 2019 07:55
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant