@sudoremo sudoremo commented Dec 9, 2025

Summary

Add 10 brand new security advisories from GitHub Advisory Database.

Advisories Added

Nokogiri (4 advisories)

  • GHSA-fq42-c5rg-92c2 - Vulnerable dependencies in Nokogiri
  • GHSA-gx8x-g87m-h5q6 - Denial of Service (DoS) in Nokogiri on JRuby (CVSS: 7.5)
  • GHSA-v6gp-9mmm-c6p5 - Out-of-bounds Write in zlib affects Nokogiri (CVSS: 7.5)
  • GHSA-xxx9-3xcr-gjj3 - XML Injection in Xerces Java affects Nokogiri (CVSS: 6.5)

Other Gems (6 advisories)

  • Autolab/CVE-2024-49376 - Autolab Misconfigured Reset Password Permissions (CVSS: 8.8)
  • omniauth-saml/GHSA-cvp8-5r8g-fhvq - Improper Verification of Cryptographic Signature (CVSS: 10.0)
  • rails/CVE-2024-26143 - Possible XSS Vulnerability in Action Controller (CVSS: 6.1)
  • ruby-saml/CVE-2025-66567 - SAML authentication bypass due to namespace handling
  • ruby-saml/CVE-2025-66568 - Libxml2 Canonicalization error to bypass Digest/Signature validation
  • user_agent_parser/GHSA-pcqq-5962-hvcw - Denial of Service in uap-core when processing crafted User-Agent strings

Changes Made

  • Verified and confirmed 'patched_versions' and 'unaffected_versions'
  • Filled in 'cvss_v3' scores where available
  • Removed GitHub advisory data as per sync manual
  • All rspec tests passing (50,988 examples, 0 failures)
