Merge pull request #4095 from envato/nokogiri

grosser · web-flow · commit 6e48b681ace9 · 2024-02-12T15:09:20.000-06:00
Bump nokogiri from 1.15.5 to 1.16.2
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -464,16 +464,16 @@ GEM
     netrc (0.11.0)
     newrelic_rpm (6.15.0)
     nio4r (2.7.0)
-    nokogiri (1.15.5)
+    nokogiri (1.16.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.15.5-aarch64-linux)
+    nokogiri (1.16.2-aarch64-linux)
       racc (~> 1.4)
-    nokogiri (1.15.5-arm64-darwin)
+    nokogiri (1.16.2-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.15.5-x86_64-darwin)
+    nokogiri (1.16.2-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.15.5-x86_64-linux)
+    nokogiri (1.16.2-x86_64-linux)
       racc (~> 1.4)
     oauth2 (2.0.9)
       faraday (>= 0.17.3, < 3.0)
diff --git a/Rakefile b/Rakefile
@@ -60,12 +60,7 @@ end
 
 desc 'Scan for gem vulnerabilities'
 task :bundle_audit do
-  # TODO: remove CVE-2015-9284 once https://github.com/omniauth/omniauth/pull/809 is resolved
-  # TODO: remove CVE-2022-0759 once local development works on newer version
-  # TODO: remove GHSA-hjp3-5g2q-7jww will need ruby 3.0
-  # TODO: remove GHSA-xc9x-jj77-9p9j will need ruby 3.0
-  sh "bundle-audit check --update " \
-     "--ignore CVE-2015-9284 CVE-2022-0759 GHSA-hjp3-5g2q-7jww CVE-2023-34246 GHSA-xc9x-jj77-9p9j"
+  sh "bundle-audit check --update"
 end
 
 desc "Run rubocop"
