From e59b39b7ed53a2b476e89f11a20dc2a50b7e82d5 Mon Sep 17 00:00:00 2001 
From: f
Date: Wed, 29 Jun 2022 18:23:25 -0300
Subject: [PATCH] nokogiri
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Name: nokogiri
Version: 1.12.5
CVE: CVE-2021-30560
GHSA: GHSA-fq42-c5rg-92c2
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Title: Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Solution: upgrade to >= 1.13.2

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-24836
GHSA: GHSA-crjr-9rc5-ghw8
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Title: Inefficient Regular Expression Complexity in Nokogiri
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-24839
GHSA: GHSA-gx8x-g87m-h5q6
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Title: Denial of Service (DoS) in Nokogiri on JRuby
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2018-25032
GHSA: GHSA-v6gp-9mmm-c6p5
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
Title: Out-of-bounds Write in zlib affects Nokogiri
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-23437
GHSA: GHSA-xxx9-3xcr-gjj3
Criticality: Medium
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
Title: XML Injection in Xerces Java affects Nokogiri
Solution: upgrade to >= 1.13.4

Name: nokogiri
Version: 1.12.5
CVE: CVE-2022-29181
GHSA: GHSA-xh29-r2w5-wx8m
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Title: Improper Handling of Unexpected Data Type in Nokogiri
Solution: upgrade to >= 1.13.6

Name: nokogiri
Version: 1.12.5
GHSA: GHSA-cgx6-hpwq-fhv5
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Title: Integer Overflow or Wraparound
in libxml2 affects Nokogiri Solution: upgrade to >= 1.13.5 --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6a62710a..f9f1c1ab 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -368,7 +368,7 @@ GEM mini_histogram (0.3.1) mini_magick (4.11.0) mini_mime (1.1.2) - mini_portile2 (2.6.1) + mini_portile2 (2.8.0) minima (2.5.1) jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) @@ -381,8 +381,8 @@ GEM net-ssh (6.1.0) netaddr (2.0.5) nio4r (2.5.8-x86_64-linux-musl) - nokogiri (1.12.5-x86_64-linux-musl) - mini_portile2 (~> 2.6.1) + nokogiri (1.13.6-x86_64-linux-musl) + mini_portile2 (~> 2.8.0) racc (~> 1.4) orm_adapter (0.5.0) parallel (1.21.0)
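Review bot: The mini_portile2 bump from 2.6.1 to 2.8.0 in the `@@ -368,7 +368,7 @@` hunk is not mentioned anywhere in the commit message, which lists only nokogiri advisories. State in the message that it follows from the new `mini_portile2 (~> 2.8.0)` requirement under nokogiri 1.13.6, and confirm that no other entry in Gemfile.lock still requires the 2.6 series, since the nokogiri dependency line is the only consumer visible in this patch.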
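Review bot: The nokogiri entry in the `@@ -381,8 +381,8 @@` hunk is raised to 1.13.6 in Gemfile.lock only (the diffstat shows one file changed), so the fix lives in the lockfile and nothing in the Gemfile records the minimum safe version. If nokogiri is a direct dependency, add a floor such as `gem "nokogiri", ">= 1.13.6"` so a regenerated lockfile cannot resolve below the highest "upgrade to" version listed in the commit message; if it is only transitive, say so in the message. The subject line "nokogiri" should also name the change, for example "Bump nokogiri 1.12.5 to 1.13.6", so the target version can be found without reading the hunk.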