Update nokogiri #3910

Merged
merged 2 commits into from
Sep 27, 2017

Member

@Ana06 Ana06 commented Sep 27, 2017

There is a security issue with libxml2 which is used by nokogiri. (CVE-2017-0663).

Supersedes #3902. In this PR the Rubocop fix is added. :bowtie:

There is a security issue with libxml2 which is used by nokogiri.
(CVE-2017-0663).
@Ana06 Ana06 added 2.8 Frontend Things related to the OBS RoR app labels Sep 27, 2017
@Ana06 Ana06 requested review from evanrolfe and bgeuken September 27, 2017 07:21
@@ -19,7 +19,6 @@ class SchemaTest < ActiveSupport::TestCase
if io
testresult = io.read
io.close
# rubocop:disable Style/NumericPredicate
assert $? == 0, "#{testfile} does not validate against #{f} -> #{testresult}"
# rubocop:enable Style/NumericPredicate
end
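
Review bot: Around the `assert $? == 0` line, a `# rubocop:enable Style/NumericPredicate` with no `# rubocop:disable` before it is a stray directive, so if the single line this hunk removes (the header goes from 7 lines to 6) is the disable comment, the enable comment after the assert should go in the same change. The +/- markers did not survive on this page, so confirm which of the two comments is actually dropped. Writing the check as `assert $?.success?, ...` would state the intent directly and avoid the numeric comparison the cop was being disabled for.
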
Member

This rubocop:enable line can also be deleted.

Member Author

this was automatically corrected by rubocop, but yes 👍

Member Author

I sent an issue to Rubocop regarding this 😉

Contributor

@DavidKang DavidKang left a comment

Please add the respective tag in the last commit.

@DavidKang
Contributor

Apart from my comment, LGTM

We need to set the Ruby target version in Rubocop to 2.4 due to a bug
in the parser that makes our test suite fail. Changing the Ruby version
introduced new offenses that had been automatically added to the todo
file. After that, a `Lint/UnneededDisable` offense appeared, due to
having added that file to the todo file. It was automatically
corrected.
@Ana06
Member Author

Ana06 commented Sep 27, 2017

@eduardoj @DavidKang please re-review it!

@evanrolfe evanrolfe left a comment

LGTM, Thanks!!!

@Ana06 Ana06 merged commit 71c7f13 into openSUSE:2.8 Sep 27, 2017
@coolo
Member

coolo commented Sep 27, 2017

Note that there is no security problem fixed by this, as our nokogiri gem does not bundle libxml but uses the system's libxml, and the fix for that CVE has been out since July.

@Ana06 Ana06 deleted the update_nokogiri branch October 6, 2018 09:51
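
The last comment turns on whether Nokogiri is using its vendored libxml2 or the system one. As an added example (not code from this PR or from OBS), the following reads a hash shaped like `Nokogiri::VERSION_INFO` and reports which side has to ship a libxml2 fix; `libxml2_triage` is a hypothetical helper name, and the sample hashes and version numbers are constructed.

```ruby
require "rubygems" # Gem::Version, for comparing dotted version strings

# Constructed samples shaped like Nokogiri::VERSION_INFO (not real builds).
SYSTEM_BUILD = { "libxml" => { "source" => "system",
                               "compiled" => "1.9.9", "loaded" => "2.0.0" } }.freeze
PACKAGED_BUILD = { "libxml" => { "source" => "packaged",
                                 "compiled" => "2.0.0", "loaded" => "2.0.0" } }.freeze
FIXED_IN = "2.0.1" # placeholder; take the real fixed release from the advisory

# Decide who has to ship a libxml2 fix for a given Nokogiri build.
# `info` has the shape of Nokogiri::VERSION_INFO; `fixed_in` is the first
# libxml2 release carrying the fix, supplied by the caller.
def libxml2_triage(info, fixed_in)
  lib = info.fetch("libxml") { raise ArgumentError, "no libxml section in version info" }
  loaded = Gem::Version.new(lib.fetch("loaded"))
  {
    source: lib["source"],
    loaded: loaded.to_s,
    # "packaged": libxml2 is vendored in the gem, so only a gem update helps.
    # "system": the distribution's libxml2 is used, so the OS package decides.
    fix_via: lib["source"] == "packaged" ? :gem_update : :os_package,
    # Version strings do not show distro backports, so a true value here
    # means "verify against the distro changelog", not "vulnerable".
    needs_check: loaded < Gem::Version.new(fixed_in),
    # True when the library loaded at runtime differs from the one the
    # extension was compiled against (e.g. the OS package was upgraded).
    relinked: lib["compiled"] != lib["loaded"]
  }
end

if $PROGRAM_NAME == __FILE__
  begin
    require "nokogiri"
    p libxml2_triage(Nokogiri::VERSION_INFO, FIXED_IN)
  rescue LoadError
    warn "nokogiri not installed; showing the constructed system build instead"
    p libxml2_triage(SYSTEM_BUILD, FIXED_IN)
  end
end
```
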