From 0a194dcbf93bff4f2fa3c481779e5c4614691ab7 Mon Sep 17 00:00:00 2001
From: Ian Maia
Date: Wed, 1 Jul 2026 14:41:26 +0200
Subject: [PATCH] Update vulnerable Ruby gems
---
 CHANGELOG.md | 2 +-
 Gemfile | 6 ++++--
 Gemfile.lock | 8 ++++----
 fastlane-plugin-wpmreleasetoolkit.gemspec | 2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ff7765bc..9d77356cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,7 @@ _None_
 ### Bug Fixes
-_None_
+- Bump `faraday` and `nokogiri` to address security vulnerabilities. [#749]
 ### Internal Changes
diff --git a/Gemfile b/Gemfile
index b38013f18..426cb96e8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,6 +10,8 @@ gem 'danger-dangermattic', '~> 1.0'
 gem 'webmock', require: false
 gem 'yard'
-# Security: https://github.com/lostisland/faraday/pull/1665
+# Security:
+# - https://github.com/lostisland/faraday/pull/1665
+# - https://github.com/lostisland/faraday/pull/1681
 # Faraday 2.0 is not compatible with Fastlane
-gem 'faraday', '~> 1.10', '>= 1.10.5'
+gem 'faraday', '~> 1.10', '>= 1.10.6'
diff --git a/Gemfile.lock b/Gemfile.lock
index 220b537c6..9b37967ee 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -11,7 +11,7 @@ PATH
 git (~> 1.3)
 google-cloud-storage (~> 1.31)
 java-properties (~> 0.3.0)
- nokogiri (~> 1.19, >= 1.19.3)
+ nokogiri (~> 1.19, >= 1.19.4)
 octokit (~> 6.1)
 parallel (~> 1.14)
 plist (~> 3.1)
@@ -127,7 +127,7 @@ GEM
 emoji_regex (3.2.3)
 erubi (1.13.1)
 excon (0.112.0)
- faraday (1.10.5)
+ faraday (1.10.6)
 faraday-em_http (~> 1.0)
 faraday-em_synchrony (~> 1.0)
 faraday-excon (~> 1.1)
@@ -298,7 +298,7 @@ GEM
 nap (1.1.0)
 naturally (2.3.0)
 nkf (0.2.0)
- nokogiri (1.19.3)
+ nokogiri (1.19.4)
 mini_portile2 (~> 2.8.2)
 racc (~> 1.4)
 observer (0.1.2)
@@ -439,7 +439,7 @@ DEPENDENCIES
 bundler (~> 2.0)
 codecov
 danger-dangermattic (~> 1.0)
- faraday (~> 1.10, >= 1.10.5)
+ faraday (~> 1.10, >= 1.10.6)
 fastlane (~> 2.210)
 fastlane-plugin-wpmreleasetoolkit!
 pry (~> 0.12.2)
diff --git a/fastlane-plugin-wpmreleasetoolkit.gemspec b/fastlane-plugin-wpmreleasetoolkit.gemspec
index a0adb7a6a..e64ef38f7 100644
--- a/fastlane-plugin-wpmreleasetoolkit.gemspec
+++ b/fastlane-plugin-wpmreleasetoolkit.gemspec
@@ -34,7 +34,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency 'gettext', '~> 3.5'
 spec.add_dependency 'git', '~> 1.3'
 spec.add_dependency 'java-properties', '~> 0.3.0'
- spec.add_dependency 'nokogiri', '~> 1.19', '>= 1.19.3'
+ spec.add_dependency 'nokogiri', '~> 1.19', '>= 1.19.4'
 spec.add_dependency 'octokit', '~> 6.1'
 spec.add_dependency 'parallel', '~> 1.14'
 spec.add_dependency 'plist', '~> 3.1'
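Review bot: The faraday floor raised by this commit lives only in `Gemfile`, so as far as the visible hunks show it protects this repository's own bundle but not projects that install the plugin; this gemspec hunk raises only the nokogiri requirement. Bundler resolves a consumer's dependencies from the gemspec, not from this Gemfile, so a consumer could still resolve a faraday older than 1.10.6 through a transitive dependency. If the CHANGELOG entry is meant to cover consumers, consider adding `spec.add_dependency 'faraday', '~> 1.10', '>= 1.10.6'` next to the nokogiri line, or reword the entry to say the faraday bump is development-only. The `Gem::Specification` block starts and ends outside the hunk, so an existing faraday declaration elsewhere in the gemspec cannot be ruled out.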