Update Nokogiri & Loofah #294

Open
lozette opened this issue Jan 22, 2021 · 1 comment

lozette commented Jan 22, 2021

Hello,

There are vulnerabilities in Nokogiri GHSA-vr8q-g5c7-m54m and Loofah GHSA-c3gv-9cxf-6f57 which are affecting both ZAS & ZAT. We have forks of both repos which are showing these vulnerabilities.

Are you able to update your gems to address these vulnerabilities? I see you have a Dependabot PR for Loofah already: #290

Thanks!

@robbiepaul

Hi,

I've been unable to open a pull request with these changes (I think you have community PRs turned off) but we've fixed the outdated dependencies in our fork and also fixed the broken build status by:

  • Update to Ruby 2.5.8 (required by the new version of Nokogiri)
  • Update Rubocop to 0.52 (this is the first version that supports Ruby 2.5)
  • Add explicit rake dependency (the implicit dependency was lost in the Rubocop update)
  • Fixes a failing test by stripping the whitespace in the style attribute of the SVG (to match behaviour from Loofah)

We'd be grateful if you could open a PR on our behalf or allow us to submit one.

Our fork is: https://github.com/dxw/zendesk_apps_support
