Fix CVE-2025-27221 #818
Ruby 3.0 was removed from the CI test matrix alongside the required_ruby_version update. It appears that core (3.0) must also be removed from the required status checks for this PR to be merged. I can update the status check settings myself, but I’d like to have this PR reviewed first 😉
MikeMcQuaid
left a comment
Thanks @nozaq! Feel free to update the CI configuration. I don't feel strongly about whether this needs a major release or not; if we think it does it may be worth considering if there's any other functionality we want/need to remove before doing that.
@MikeMcQuaid Thank you! I've just updated the required status checks: I removed I also don't have a strong opinion on whether we should make this a major release, so simply including it in the next minor release should be sufficient.
Regardless of this PR, I agree that summarizing what to include in the next major release is a great idea. Even if it won’t happen immediately, creating a milestone and linking issues would be a good place to start?
Works for me, great idea!
Just created a milestone and linked some existing issues to it: https://github.com/licensee/licensed/milestone/1 Please feel free to add issues 🙂
Note
This PR requires a major release since required_ruby_version has been updated. Maybe not 😁

This PR updates nokogiri to version 1.18.3 to address CVE-2025-27221.

As nokogiri v1.18.3 no longer supports Ruby 3.0.x, the minimum required Ruby version has been upgraded to 3.1.0.

Additionally, Ruby 3.3 and 3.4 have been added to the CI test matrix.