Update nokogiri to 1.8.5 ~ CVE-2018-14404

[nickshatilo]

The current version of nokogiri (1.5) is vulnerable for CVE-2018-14404 and CVE-2018-14567.
A solution for that is update the nokogiri version to 1.8.5 where this fix was already implemented.

References:
sparklemotion/nokogiri#1785
https://rubysec.com/advisories/nokogiri-CVE-2018-14404

UPD: Ruby with versions 2.1 and 2.2 are not supported by bundle version 2+, so I specified the exact version in the travis.ci for the build to be working. Also, gem update --system seems not be needed anymore for ruby version 2.5.0.

cc @Mange

[codecov-io]

Codecov Report

Merging #161 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #161   +/-   ##
=======================================
  Coverage   97.96%   97.96%           
=======================================
  Files          57       57           
  Lines        1963     1963           
=======================================
  Hits         1923     1923           
  Misses         40       40

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 326c5e9...63961b1. Read the comment docs.

[Mange]

This shouldn't be needed as I specify that all 1.x versions after and including 1.5.0 are allowed. It's still nice to modernize a bit, but it shouldn't really be needed to force everyone to abandon 1.5-1.7 if they have a patched version in those minor releases.

On the other hand, those versions are from 2013, which means they are ancient from a Ruby perspective. I have a hard time imagining any users of this still locked on 1.5 so most users should be on 1.11 at least.

I you'd mind fixing my comment below, I'll merge this.

[Mange]

Version 3.5.0 was just released with this included.