Nokogiri severe notice #51002
Replies: 4 comments 1 reply
-
The notice you received is likely related to a security vulnerability found in the Nokogiri library used by your three least-used repos. Specifically, the vulnerability is related to an out-of-bounds write issue in the libxml component of Nokogiri. To address this issue, you should update your Nokogiri library to a version that includes a fix for this vulnerability. You can do this by updating the library in your codebase and redeploying the affected repos. If you are unsure about how to update the library or how to redeploy the affected repos, you may want to consult with a developer or security expert for assistance.
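As an added example (not from this thread, and not Nokogiri's or Bundler's own tooling), the script below reads a Gemfile.lock, finds every pinned Nokogiri version, including the platform-specific precompiled variants such as `nokogiri (1.13.3-x86_64-linux)`, and reports which ones are below a given patched version. The sample lockfile and the `1.14.0` threshold are constructed placeholders for illustration; the real patched version is the one named in the GitHub security alert.

```ruby
# Added example: find the Nokogiri version(s) a Gemfile.lock pins and
# compare them with the patched version from the advisory. The sample
# lockfile and the 1.14.0 threshold are placeholders, not advisory data.
require "rubygems"

# Constructed Gemfile.lock excerpt for demonstration (not a real project's lockfile).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.8.0)
      nokogiri (1.13.3)
        mini_portile2 (~> 2.8.0)
        racc (~> 1.4)
      nokogiri (1.13.3-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)

  PLATFORMS
    ruby
    x86_64-linux

  DEPENDENCIES
    nokogiri
LOCK

# A gem line in the specs section: four-space indent, "name (version[-platform])".
# The platform suffix (e.g. "-x86_64-linux" for a precompiled native gem) has to
# be split off: Gem::Version rejects "1.13.3-x86_64-linux" as malformed.
SPEC_LINE = /\A {4}(?<name>\S+) \((?<version>[^-)]+)(?:-(?<platform>[^)]+))?\)\z/

# Every resolved version of +gem_name+ in the lockfile, one entry per platform
# variant, as { version: Gem::Version, platform: String }.
def locked_versions(lock_text, gem_name)
  in_specs = false
  lock_text.each_line(chomp: true).filter_map do |line|
    in_specs = true if line == "  specs:"
    in_specs = false if line.empty? # a blank line ends the GEM block
    next unless in_specs
    m = SPEC_LINE.match(line)
    next unless m && m[:name] == gem_name
    { version: Gem::Version.new(m[:version]), platform: m[:platform] || "ruby" }
  end
end

# The entries still below +fixed_version+; an empty array means nothing to do.
def below_fixed(lock_text, gem_name, fixed_version)
  fixed = Gem::Version.new(fixed_version)
  locked_versions(lock_text, gem_name).select { |entry| entry[:version] < fixed }
end

# One line per affected entry, suitable for a CI log.
def report(lock_text, gem_name, fixed_version)
  entries = below_fixed(lock_text, gem_name, fixed_version)
  return "#{gem_name}: all locked versions are >= #{fixed_version}" if entries.empty?

  entries.map do |e|
    "#{gem_name} #{e[:version]} (#{e[:platform]}) is below #{fixed_version}; " \
      "run: bundle update #{gem_name} --conservative"
  end.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_nokogiri.rb [path/to/Gemfile.lock] [patched-version]
  lock_text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  fixed_version = ARGV[1] || "1.14.0" # placeholder threshold, not the advisory's number
  puts report(lock_text, "nokogiri", fixed_version)
end
```

After bumping with `bundle update nokogiri --conservative` (so only Nokogiri and what it strictly needs move), run the script against the new Gemfile.lock to confirm every platform variant is at or above the patched version, then redeploy as the answer above describes.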
-
Expanding on @ersaope's answer: since it is a library that another dev wrote, you don't really have any control over whether it gets an update or not (unless you fork it and maintain it yourself). However, there are tools to automate checking if a library has an update, and updating our projects' dependencies accordingly. One that I use myself is GitHub's Dependabot, and the way you set it up is (at least for Ruby):
```yaml
# Basic `dependabot.yml` file with
# minimum configuration for ruby bundler package manager
version: 2
updates:
  # Enable version updates for ruby gem
  - package-ecosystem: "bundler"
    directory: "/"
    # Check ruby gems for updates every week
    schedule:
      interval: "weekly"
```
-
🕒 Discussion Activity Reminder 🕒
This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one of the following actions:
1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as
2️⃣ Provide More Information: Share additional details or context, or let the community know if you've found a solution on your own.
3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.
Note: This dormant notification will only apply to Discussions with the
Thank you for helping bring this Discussion to a resolution! 💬
-
Sorry, I have little familiarity with GitHub, so I don't know how to resolve this discussion. I don't know if the problem I described has been solved or not, or whether it needs to be solved. It might even be a bug in GitHub. I have no idea.
-
Original question (topic area: Question):
I received this notice for three of my least-used repos: "Nokogiri contains libxml Out-of-bounds Write vulnerability". I don't understand this and can find no further explanation as to what I'm supposed to do in response.