Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible to relax nokogiri dependency? #59

Closed
thebenedict opened this issue Mar 23, 2017 · 3 comments
Closed

Possible to relax nokogiri dependency? #59

thebenedict opened this issue Mar 23, 2017 · 3 comments
Assignees
@jamesmartin
Labels
enhancement
Milestone
0.12.1

Comments

@thebenedict
Copy link

Hi there,

Would you consider allowing nokogiri >= 1.6.0 instead of ~> 1.6.0? Nokogiri was updated to 1.7 because of CVE-2016-4658.

Thank you,
--Michael
@jamesmartin
Copy link
Owner

@thebenedict thanks for suggestion. I think it's reasonable to relax this requirement and allow users to use the version of Nokogiri patched against that CVE. I'll make a new release now.

@jamesmartin jamesmartin added this to the 0.12.1 milestone Mar 23, 2017
@jamesmartin jamesmartin self-assigned this Mar 23, 2017
@thebenedict
Copy link
Author

Much appreciated, and thank you for the quick reply.

@jamesmartin
Copy link
Owner

Fixed in v0.12.1.

@thebenedict thanks again for the suggestion. 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jamesmartin jamesmartin

Labels
enhancement
Projects
None yet
Milestone
0.12.1
Development

No branches or pull requests
2 participants
@jamesmartin @thebenedict