I've received an email from GitHub with security alerts for two of my repos that use fastpages. As the install was done automatically, I am not sure how to handle that remediation action; possibly other users are in the same situation… Any help will be appreciated. Thanks!
1 nokogiri vulnerability found in Gemfile.lock 11 hours ago
Upgrade nokogiri to version 1.10.8 or later. For example:
gem "nokogiri", ">= 1.10.8"
Always verify the validity and compatibility of suggestions with your codebase.
Vulnerable versions: < 1.10.8
Patched version: 1.10.8
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.