Update loofah gem

There was one CVE filed against the loofah gem, this bumps the version from 1.8.4 to 1.8.5 [CVE-2018-16468][1] > moderate severity > Vulnerable versions: < 2.2.3 > Patched version: 2.2.3 > > In the Loofah gem for Ruby, through version 2.2.2, unsanitized > JavaScript may occur in sanitized output when a crafted SVG element is > republished. Users are advised to upgrade to version 2.2.3. See flavorjones/loofah#154 for more details. [1]: https://nvd.nist.gov/vuln/detail/CVE-2018-16468
Terrastories · Nov 17, 2018 · 41bbe24 · 41bbe24
1 parent 8426ac0
commit 41bbe24
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/rails/Gemfile.lock b/rails/Gemfile.lock
@@ -134,7 +134,7 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
@@ -156,7 +156,7 @@ GEM
     multi_json (1.13.1)
     mysql2 (0.5.2)
     nio4r (2.3.1)
-    nokogiri (1.8.4)
+    nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
     orm_adapter (0.5.0)
     plyr-rails (3.3.7)