fix(deps): bump nokogiri to 1.19.2 and activesupport to 7.2.3.1

zkoppert · Copilot · zkoppert · commit 3ff1a26dcfad · 2026-03-31T12:41:23.000-07:00
Update security-impacted dependencies: - nokogiri: >= 1.19.1 → >= 1.19.2 (fixes libxml2 CVEs including CVE-2025-30206, CVE-2025-6021, CVE-2025-6170) - activesupport: ~> 7.1.5 → ~> 7.2.3 (resolves Dependabot alert #57) Updates both the gemspec constraints and Gemfile, along with the resolved Gemfile.lock. Closes: github/vuln-mgmt#192367 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
diff --git a/Gemfile b/Gemfile
@@ -15,4 +15,4 @@ gem "twitter-text", "~> 1.14"
 gem "asciidoctor", "~> 2.0.26"
 gem "rake"
 gem "rexml"
-gem "nokogiri", ">= 1.19.1"
+gem "nokogiri", ">= 1.19.2"
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -15,32 +15,31 @@ GEM
   remote: https://rubygems.org/
   specs:
     RedCloth (4.3.4)
-    activesupport (7.1.5.1)
+    activesupport (7.2.3.1)
       base64
       benchmark (>= 0.3)
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
       logger (>= 1.4.2)
-      minitest (>= 5.1)
-      mutex_m
+      minitest (>= 5.1, < 6)
       securerandom (>= 0.3)
-      tzinfo (~> 2.0)
+      tzinfo (~> 2.0, >= 2.0.5)
     asciidoctor (2.0.26)
-    base64 (0.2.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.9)
+    base64 (0.3.0)
+    benchmark (0.5.0)
+    bigdecimal (4.1.0)
     builder (3.3.0)
     cgi (0.5.1)
     charlock_holmes (0.7.9)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.0)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
     crass (1.0.6)
     creole (0.5.0)
     date (3.4.1)
-    drb (2.2.1)
+    drb (2.2.3)
     expression_parser (0.9.0)
     github-linguist (9.3.0)
       cgi
@@ -51,25 +50,24 @@ GEM
       activesupport (>= 2)
       nokogiri (~> 1.4)
     htmlentities (4.3.4)
-    i18n (1.14.7)
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
     logger (1.7.0)
     mini_mime (1.1.5)
     mini_portile2 (2.8.9)
-    minitest (5.25.5)
-    mutex_m (0.3.0)
-    nokogiri (1.19.1)
+    minitest (5.27.0)
+    nokogiri (1.19.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.19.1-aarch64-linux-gnu)
+    nokogiri (1.19.2-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.1-arm-linux-gnu)
+    nokogiri (1.19.2-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.1-arm64-darwin)
+    nokogiri (1.19.2-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.19.1-x86_64-darwin)
+    nokogiri (1.19.2-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.19.1-x86_64-linux-gnu)
+    nokogiri (1.19.2-x86_64-linux-gnu)
       racc (~> 1.4)
     nokogiri-diff (0.3.0)
       nokogiri (~> 1.5)
@@ -92,7 +90,7 @@ GEM
     sanitize (6.1.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    securerandom (0.3.2)
+    securerandom (0.4.1)
     stringio (3.1.6)
     tdiff (0.4.0)
     twitter-text (1.14.7)
@@ -119,7 +117,7 @@ PLATFORMS
 
 DEPENDENCIES
   RedCloth
-  activesupport (~> 7.1.5)
+  activesupport (~> 7.2.3)
   asciidoctor (~> 2.0.26)
   commonmarker!
   creole (~> 0.5.0)
@@ -128,7 +126,7 @@ DEPENDENCIES
   html-pipeline (~> 1.0)
   kramdown
   minitest (~> 5.4, >= 5.4.3)
-  nokogiri (>= 1.19.1)
+  nokogiri (>= 1.19.2)
   nokogiri-diff (~> 0.3.0)
   org-ruby (= 0.9.12)
   rake
diff --git a/github-markup.gemspec b/github-markup.gemspec
@@ -21,11 +21,11 @@ Gem::Specification.new do |s|
   s.require_paths = %w[lib]
 
   s.add_development_dependency 'rake', '~> 13'
-  s.add_development_dependency 'activesupport', '~> 7.1.5'
+  s.add_development_dependency 'activesupport', '~> 7.2.3'
   s.add_development_dependency 'minitest', '~> 5.4', '>= 5.4.3'
   s.add_development_dependency 'html-pipeline', '~> 1.0'
   s.add_development_dependency 'sanitize', '>= 4.6.3'
-  s.add_development_dependency 'nokogiri', '~> 1.18.4'
+  s.add_development_dependency 'nokogiri', '>= 1.19.2'
   s.add_development_dependency 'nokogiri-diff', '~> 0.3.0'
   s.add_development_dependency "github-linguist", ">= 7.1.3"
 end
