request to upgrade jruby #63504

Closed
masonlu2014 opened this issue Mar 3, 2024 · 4 comments
Labels: logstash, solved, stale, tech-issues, triage

masonlu2014 commented Mar 3, 2024

Name and Version

bitnami/logstash/7/debian-12

What architecture are you using?

amd64

What steps will reproduce the bug?

/opt/bitnami/logstash/vendor/jruby/bin/jruby -J-Xmx1024M -S gem install nokogiri -v 1.13.6

I am planning to use the above cmd to upgrade nokogiri in the Dockerfile to address the vuln; however, it requires jruby=2.6.0,
and this image's jruby version is 2.5.8

ERROR:  Error installing nokogiri:
	There are no versions of nokogiri (= 1.13.6) compatible with your Ruby & RubyGems. Maybe try installing an older version of the gem you're looking for?
	nokogiri requires Ruby version >= 2.6.0. The current ruby version is 2.5.8.0.
Error: building at STEP "RUN /opt/bitnami/logstash/vendor/jruby/bin/jruby -S gem install public_suffix -v 4.0.7 && /opt/bitnami/logstash/vendor/jruby/bin/jruby -S gem install git -v 1.14.0 && /opt/bitnami/logstash/vendor/jruby/bin/jruby -S gem install nokogiri -v 1.13.6 && /opt/bitnami/logstash/vendor/jruby/bin/jruby -S gem install rdoc -v 6.4.0 && /opt/bitnami/logstash/vendor/jruby/bin/jruby -S gem install sinatra -v 2.2.4": while running runtime: exit status 1

What is the expected behavior?

need help to upgrade jruby to 2.6.0

What do you see instead?

this is to fix the vuln issue for the nokogiri in the image

vulnerabilities package HIGH Vulnerability found in non-os package type (gem) - /opt/bitnami/logstash/vendor/bundle/jruby/2.5.0/specifications/nokogiri-1.12.5-java.gemspec (fixed in: 1.13.5)(GHSA-cgx6-hpwq-fhv5 - GHSA-cgx6-hpwq-fhv5) warn
vulnerabilities package HIGH Vulnerability found in non-os package type (gem) - /opt/bitnami/logstash/vendor/bundle/jruby/2.5.0/specifications/nokogiri-1.12.5-java.gemspec (fixed in: 1.13.4)(GHSA-v6gp-9mmm-c6p5 - GHSA-v6gp-9mmm-c6p5)
vulnerabilities package HIGH Vulnerability found in non-os package type (gem) - /opt/bitnami/logstash/vendor/bundle/jruby/2.5.0/specifications/nokogiri-1.12.5-java.gemspec (fixed in: 1.13.6)(GHSA-xh29-r2w5-wx8m - GHSA-xh29-r2w5-wx8m)
masonlu2014 added the tech-issues label Mar 3, 2024
github-actions bot added the triage label Mar 3, 2024
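
The version conflict in the report above, worked through as an added example (not part of the thread, and not Bitnami or Logstash code): it parses the three quoted findings, takes the highest "fixed in" version as the upgrade floor, and checks each candidate release's Ruby requirement against the runtime's Ruby version before any `gem install` runs. The function names and the `CANDIDATES` list are assumptions; the list holds only the release whose requirement appears in the error output.

```ruby
require "rubygems"

# Constructed sample: the three findings quoted in the issue, trimmed to the
# gemspec path, "fixed in" version and advisory id.
SPEC_DIR = "/opt/bitnami/logstash/vendor/bundle/jruby/2.5.0/specifications"
FINDINGS = <<~TXT
  HIGH gem #{SPEC_DIR}/nokogiri-1.12.5-java.gemspec (fixed in: 1.13.5)(GHSA-cgx6-hpwq-fhv5)
  HIGH gem #{SPEC_DIR}/nokogiri-1.12.5-java.gemspec (fixed in: 1.13.4)(GHSA-v6gp-9mmm-c6p5)
  HIGH gem #{SPEC_DIR}/nokogiri-1.12.5-java.gemspec (fixed in: 1.13.6)(GHSA-xh29-r2w5-wx8m)
TXT

# Assumption: candidate releases with their required_ruby_version. Only the
# pair shown in the issue's error message is listed here.
CANDIDATES = [{ version: "1.13.6", required_ruby: ">= 2.6.0" }].freeze

FINDING_RE = %r{specifications/(?<name>[\w.-]+?)-(?<installed>\d[\w.]*)(?:-java)?\.gemspec \(fixed in: (?<fixed>[\d.]+)\)\((?<id>GHSA-[\w-]+)\)}

# Parse scanner lines into records; lines that do not match are skipped.
def parse_findings(text)
  text.each_line.map do |line|
    m = FINDING_RE.match(line)
    next unless m
    { name: m[:name], installed: Gem::Version.new(m[:installed]),
      fixed: Gem::Version.new(m[:fixed]), id: m[:id] }
  end.compact
end

# Lowest version per gem that clears every advisory: the highest "fixed in".
def minimum_safe_versions(findings)
  findings.group_by { |f| f[:name] }
          .transform_values { |fs| fs.map { |f| f[:fixed] }.max }
end

# Pick the oldest candidate at or above the floor whose Ruby requirement the
# runtime satisfies; report candidates ruled out by the runtime separately.
def plan_upgrade(floor, runtime_ruby, candidates)
  fixed = candidates.select { |c| Gem::Version.new(c[:version]) >= floor }
  ok, blocked = fixed.partition do |c|
    Gem::Requirement.new(c[:required_ruby]).satisfied_by?(runtime_ruby)
  end
  pick = ok.min_by { |c| Gem::Version.new(c[:version]) }
  { install: pick && pick[:version], blocked: blocked.map { |c| c[:version] } }
end

if __FILE__ == $PROGRAM_NAME
  floor = minimum_safe_versions(parse_findings(FINDINGS))["nokogiri"]
  # "2.5.8.0" is the Ruby version reported in the error output above.
  p plan_upgrade(floor, Gem::Version.new("2.5.8.0"), CANDIDATES)
end
```

An empty `install` with a non-empty `blocked` list means no listed release can both clear the findings and load on that runtime.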
@carrodher (Member)

We are using the jruby binary bundled by logstash itself. For this kind of use case, we highly recommend that you refer to the forums and user guides provided by the project responsible for the application or technology.

@masonlu2014 (Author)

Got it, thanks for the reply.


This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions bot added the stale label Mar 20, 2024

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

bitnami-bot closed this as not planned Mar 25, 2024