From d298f755eae6d179daba6067456987905f5c8008 Mon Sep 17 00:00:00 2001
From: Olivier Halligon <olivier.halligon@automattic.com>
Date: Mon, 23 Feb 2026 19:33:38 +0100
Subject: [PATCH 1/2] Update nokogiri to fix CWE-252

Closes https://github.com/wordpress-mobile/release-toolkit/security/dependabot/47
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 131f00e5f..e18727b7b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -337,7 +337,7 @@ GEM
     naturally (2.2.1)
     netrc (0.11.0)
     nkf (0.2.0)
-    nokogiri (1.18.9)
+    nokogiri (1.19.1)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     observer (0.1.2)

From ea397736b36f8e817663df0a91adccac0b620b00 Mon Sep 17 00:00:00 2001
From: Olivier Halligon <olivier.halligon@automattic.com>
Date: Mon, 23 Feb 2026 19:35:35 +0100
Subject: [PATCH 2/2] Add CHANGELOG entry

---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7e88e62b..f7bda92d9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,7 +18,8 @@ _None_
 
 ### Internal Changes
 
-- Bumped `faraday` to address security vulnerability [#689]
+- Bumped `faraday` to address security vulnerability. [#689]
+- Bumped `nokogiri` to address security vulnerability. [#693]
 
 ## 14.0.0