Bundle update & drop ruby 2.4 (!84) · Merge requests · schleuder / schleuder-web

Nina requested to merge nina/bundle-update into master Jan 11, 2021

The upgrade of nokogiri fixes the following issue:

Name: nokogiri
Version: 1.10.10
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Title: Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Solution: upgrade to >= 1.11.0.rc4

The current nokogiri version requires a ruby version > 2.4. Since ruby 2.4 has reached its eol on 2020-03-31, I suggest that we drop the support.

Edited Jan 11, 2021 by Nina

Bundle update & drop ruby 2.4

Merge request reports