Update the nokogiri dependency?

Question

Update the nokogiri dependency?

abartov opened this issue 5 years ago · 2 comments

Hi!

There's a security vulnerability in nokogiri fixed in version 1.10.4. This gem requires ~>1.8, holding back upgrades of nokogiri. Could you release a version requiring the newer nokogiri, or just >1.8 open-endedly? Thanks!

Answer 1 · 2019-12-02T12:48:49.000Z

Hi @abartov, the specification ~> 1.8 already allows 1.10.4, since it specifies the minor version number must be 8 or heigher.

Answer 2 · 2019-12-30T16:11:51.000Z

Updated the dependency 👍
4628bbd