Merge pull request #818 from nozaq/fix-cve-2025-27221

Fix CVE-2025-27221
licensee · Mar 4, 2025 · dd71f0f · dd71f0f
2 parents bfb7d96 + ac3c85d
commit dd71f0f
Show file tree

Hide file tree

Showing 10 changed files with 44 additions and 44 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -139,7 +139,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        ruby: [ '3.0', '3.1', '3.2' ]
+        ruby: [ '3.1', '3.2', '3.3', '3.4' ]
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Set up Ruby

diff --git a/.licenses/bundler/dotenv.dep.yml b/.licenses/bundler/dotenv.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: dotenv
-version: 3.1.4
+version: 3.1.7
 type: bundler
 summary: Loads environment variables from `.env`.
 homepage: https://github.com/bkeepers/dotenv

diff --git a/.licenses/bundler/faraday.dep.yml b/.licenses/bundler/faraday.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: faraday
-version: 2.12.1
+version: 2.12.2
 type: bundler
 summary: HTTP/REST API client library.
 homepage: https://lostisland.github.io/faraday

diff --git a/.licenses/bundler/logger.dep.yml b/.licenses/bundler/logger.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: logger
-version: 1.6.1
+version: 1.6.6
 type: bundler
 summary: Provides a simple logging utility for outputting messages.
 homepage: https://github.com/ruby/logger
@@ -64,4 +64,6 @@ licenses:
        IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
        WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
        PURPOSE.
+- sources: README.md
+  text: The gem is available as open source under the terms of the [BSD-2-Clause](BSDL).
 notices: []
diff --git a/.licenses/bundler/net-http.dep.yml b/.licenses/bundler/net-http.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: net-http
-version: 0.5.0
+version: 0.6.0
 type: bundler
 summary: HTTP client api for Ruby.
 homepage: https://github.com/ruby/net-http

diff --git a/.licenses/bundler/nokogiri.dep.yml b/.licenses/bundler/nokogiri.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: nokogiri
-version: 1.16.7
+version: 1.18.3
 type: bundler
 summary: Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby.
 homepage: https://nokogiri.org
@@ -24,9 +24,9 @@ licenses:
     \"platform release\" of Nokogiri.\n\n<!-- regenerate TOC with `rake format:toc`
     -->\n\n<!-- toc -->\n\n- [Platform Releases](#platform-releases)\n  * [Default
     platform release (\"ruby\")](#default-platform-release-ruby)\n  * [Native LinuxⓇ
-    platform releases (\"x86_64-linux\", \"arm64-linux\", \"aarch64-linux\", and \"arm-linux\")](#native-linux%E2%93%A1-platform-releases-x86_64-linux-arm64-linux-aarch64-linux-and-arm-linux)\n
+    platform releases (\"x86_64-linux\", \"aarch64-linux\", and \"arm-linux\")](#native-linux%E2%93%A1-platform-releases-x86_64-linux-aarch64-linux-and-arm-linux)\n
     \ * [Native Darwin (macOSⓇ) platform releases (\"x86_64-darwin\" and \"arm64-darwin\")](#native-darwin-macos%E2%93%A1-platform-releases-x86_64-darwin-and-arm64-darwin)\n
-    \ * [Native WindowsⓇ platform releases (\"x86-mingw32\" and \"x64-mingw32\")](#native-windows%E2%93%A1-platform-releases-x86-mingw32-and-x64-mingw32)\n
+    \ * [Native WindowsⓇ platform releases (\"x64-mingw-ucrt\")](#native-windows%E2%93%A1-platform-releases-x64-mingw-ucrt)\n
     \ * [JavaⓇ (JRuby) platform release (\"java\")](#java%E2%93%A1-jruby-platform-release-java)\n-
     [Appendix: Dependencies' License Texts](#appendix-dependencies-license-texts)\n
     \ * [libgumbo](#libgumbo)\n  * [libxml2](#libxml2)\n  * [libxslt](#libxslt)\n
@@ -49,27 +49,27 @@ licenses:
     dependencies in source form:\n\n* [libxml2](#libxml2)\n* [libxslt](#libxslt)\n*
     [libgumbo](#libgumbo)\n\nThis distribution can be identified by inspecting the
     included Gem::Specification, which will have the value \"ruby\" for its \"platform\"
-    attribute.\n\n\n### Native LinuxⓇ platform releases (\"x86_64-linux\", \"arm64-linux\",
-    \"aarch64-linux\", and \"arm-linux\")\n\nThe native LinuxⓇ platform release distributes
-    the following dependencies in source form:\n\n* [libxml2](#libxml2)\n* [libxslt](#libxslt)\n*
+    attribute.\n\n\n### Native LinuxⓇ platform releases (\"x86_64-linux\", \"aarch64-linux\",
+    and \"arm-linux\")\n\nThe native LinuxⓇ platform release distributes the following
+    dependencies in source form:\n\n* [libxml2](#libxml2)\n* [libxslt](#libxslt)\n*
     [libgumbo](#libgumbo)\n* [zlib](#zlib)\n\nThis distribution can be identified
     by inspecting the included Gem::Specification, which will have a value similar
-    to \"x86_64-linux\" or \"arm64-linux\" for its \"platform.cpu\" attribute.\n\n\n###
+    to \"x86_64-linux\" or \"aarch64-linux\" for its \"platform.cpu\" attribute.\n\n\n###
     Native Darwin (macOSⓇ) platform releases (\"x86_64-darwin\" and \"arm64-darwin\")\n\nThe
     native Darwin platform release distributes the following dependencies in source
     form:\n\n* [libxml2](#libxml2)\n* [libxslt](#libxslt)\n* [libgumbo](#libgumbo)\n*
     [zlib](#zlib)\n* [libiconv](#libiconv)\n\nThis distribution can be identified
     by inspecting the included Gem::Specification, which will have a value similar
     to \"x86_64-darwin\" or \"arm64-darwin\" for its \"platform.cpu\" attribute. Darwin
     is also known more familiarly as \"OSX\" or \"macOSⓇ\" and is the operating system
-    for many AppleⓇ computers.\n\n\n### Native WindowsⓇ platform releases (\"x86-mingw32\"
-    and \"x64-mingw32\")\n\nThe native WindowsⓇ platform release distributes the following
-    dependencies in source form:\n\n* [libxml2](#libxml2)\n* [libxslt](#libxslt)\n*
-    [libgumbo](#libgumbo)\n* [zlib](#zlib)\n* [libiconv](#libiconv)\n\nThis distribution
-    can be identified by inspecting the included Gem::Specification, which will have
-    a value similar to \"x64-mingw32\" or \"x86-mingw32\" for its \"platform.cpu\"
-    attribute.\n\n\n### JavaⓇ (JRuby) platform release (\"java\")\n\nThe Java platform
-    release distributes the following dependencies as compiled jar files:\n\n* [isorelax:isorelax](#isorelaxisorelax)\n*
+    for many AppleⓇ computers.\n\n\n### Native WindowsⓇ platform releases (\"x64-mingw-ucrt\")\n\nThe
+    native WindowsⓇ platform release distributes the following dependencies in source
+    form:\n\n* [libxml2](#libxml2)\n* [libxslt](#libxslt)\n* [libgumbo](#libgumbo)\n*
+    [zlib](#zlib)\n* [libiconv](#libiconv)\n\nThis distribution can be identified
+    by inspecting the included Gem::Specification, which will have a value similar
+    to \"x64-mingw-ucrt\" for its \"platform.cpu\" attribute.\n\n\n### JavaⓇ (JRuby)
+    platform release (\"java\")\n\nThe Java platform release distributes the following
+    dependencies as compiled jar files:\n\n* [isorelax:isorelax](#isorelaxisorelax)\n*
     [net.sf.saxon:Saxon-HE](#netsfsaxonsaxon-he)\n* [net.sourceforge.htmlunit:neko-htmlunit](#netsourceforgehtmlunitneko-htmlunit)\n*
     [nu.validator:jing](#nuvalidatorjing)\n* [org.nokogiri:nekodtd](#orgnokogirinekodtd)\n*
     [xalan:serializer and xalan:xalan](#xalanserializer-and-xalanxalan)\n* [xerces:xercesImpl](#xercesxercesimpl)\n*

diff --git a/.licenses/bundler/rugged.dep.yml b/.licenses/bundler/rugged.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: rugged
-version: 1.7.2
+version: 1.9.0
 type: bundler
 summary: Rugged is a Ruby binding to the libgit2 linkable library
 homepage: https://github.com/libgit2/rugged

diff --git a/.licenses/bundler/uri.dep.yml b/.licenses/bundler/uri.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: uri
-version: 1.0.2
+version: 1.0.3
 type: bundler
 summary: URI is a module providing classes to handle Uniform Resource Identifiers
 homepage: https://github.com/ruby/uri

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -15,19 +15,18 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.1.5.1)
+    activesupport (7.2.2.1)
       base64
       benchmark (>= 0.3)
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
       logger (>= 1.4.2)
       minitest (>= 5.1)
-      mutex_m
       securerandom (>= 0.3)
-      tzinfo (~> 2.0)
+      tzinfo (~> 2.0, >= 2.0.5)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.2)
@@ -38,9 +37,9 @@ GEM
     concurrent-ruby (1.3.5)
     connection_pool (2.5.0)
     csv (3.3.2)
-    dotenv (3.1.4)
+    dotenv (3.1.7)
     drb (2.2.1)
-    faraday (2.12.1)
+    faraday (2.12.2)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
@@ -57,17 +56,16 @@ GEM
       rugged (>= 0.24, < 2.0)
       thor (>= 0.19, < 2.0)
     lint_roller (1.1.0)
-    logger (1.6.1)
+    logger (1.6.6)
     mini_portile2 (2.8.8)
     minitest (5.25.4)
     minitest-hooks (1.5.2)
       minitest (> 5.3)
     mocha (2.7.1)
       ruby2_keywords (>= 0.0.5)
-    mutex_m (0.3.0)
-    net-http (0.5.0)
+    net-http (0.6.0)
       uri
-    nokogiri (1.16.7)
+    nokogiri (1.18.3)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     octokit (9.2.0)
@@ -80,13 +78,13 @@ GEM
     pathname-common_prefix (0.0.2)
     public_suffix (6.0.1)
     racc (1.8.1)
-    rack (3.1.10)
+    rack (3.1.11)
     rainbow (3.1.1)
     rake (13.2.1)
     regexp_parser (2.10.0)
     reverse_markdown (3.0.0)
       nokogiri
-    rubocop (1.72.2)
+    rubocop (1.73.2)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -97,17 +95,17 @@ GEM
       rubocop-ast (>= 1.38.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.38.0)
+    rubocop-ast (1.38.1)
       parser (>= 3.3.1.0)
-    rubocop-github (0.22.0)
-      rubocop (>= 1.37)
-      rubocop-performance (>= 1.15)
-      rubocop-rails (>= 2.17)
+    rubocop-github (0.23.0)
+      rubocop (>= 1.72)
+      rubocop-performance (>= 1.24)
+      rubocop-rails (>= 2.23)
     rubocop-performance (1.24.0)
       lint_roller (~> 1.1)
       rubocop (>= 1.72.1, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    rubocop-rails (2.30.2)
+    rubocop-rails (2.30.3)
       activesupport (>= 4.2.0)
       lint_roller (~> 1.1)
       rack (>= 1.1)
@@ -116,19 +114,19 @@ GEM
     ruby-progressbar (1.13.0)
     ruby-xxHash (0.4.0.2)
     ruby2_keywords (0.0.5)
-    rugged (1.7.2)
+    rugged (1.9.0)
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
-    securerandom (0.3.2)
+    securerandom (0.4.1)
     thor (1.3.2)
     tomlrb (2.0.3)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (3.1.4)
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
-    uri (1.0.2)
+    uri (1.0.3)
 
 PLATFORMS
   ruby

diff --git a/licensed.gemspec b/licensed.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 3.0.0"
+  spec.required_ruby_version = ">= 3.1.0"
 
   spec.add_dependency "csv", "~> 3.3"
   spec.add_dependency "licensee", "~> 9.16"