From 41bbe2461406e62a8ffc2c327d2f115c980811d0 Mon Sep 17 00:00:00 2001 From: Christopher Sexton Date: Fri, 16 Nov 2018 20:30:52 -0500 Subject: [PATCH] Update loofah gem There was one CVE filed against the loofah gem, this bumps the version from 1.8.4 to 1.8.5 [CVE-2018-16468][1] > moderate severity > Vulnerable versions: < 2.2.3 > Patched version: 2.2.3 > > In the Loofah gem for Ruby, through version 2.2.2, unsanitized > JavaScript may occur in sanitized output when a crafted SVG element is > republished. Users are advised to upgrade to version 2.2.3. See flavorjones/loofah#154 for more details. [1]: https://nvd.nist.gov/vuln/detail/CVE-2018-16468 --- rails/Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rails/Gemfile.lock b/rails/Gemfile.lock index 6bf177666..164f66632 100644 --- a/rails/Gemfile.lock +++ b/rails/Gemfile.lock @@ -134,7 +134,7 @@ GEM rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - loofah (2.2.2) + loofah (2.2.3) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.0) @@ -156,7 +156,7 @@ GEM multi_json (1.13.1) mysql2 (0.5.2) nio4r (2.3.1) - nokogiri (1.8.4) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) orm_adapter (0.5.0) plyr-rails (3.3.7)
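Review bot: The commit message does not match the first hunk: it says the change "bumps the version from 1.8.4 to 1.8.5", but the loofah line goes from `loofah (2.2.2)` to `loofah (2.2.3)`; 1.8.4 to 1.8.5 is the nokogiri change in the second hunk. Reword the body to say loofah 2.2.2 to 2.2.3, which is also the "Patched version: 2.2.3" the quoted advisory names, so the log records accurately which dependency bump closes CVE-2018-16468.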
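Review bot: The second hunk's nokogiri bump (`- nokogiri (1.8.4)` / `+ nokogiri (1.8.5)`) is not explained anywhere in the commit message, whose subject and body mention only loofah. Loofah's own dependency line in the first hunk, `nokogiri (>= 1.5.9)`, is unchanged, so the loofah 2.2.3 upgrade does not require it. Either add a sentence to the message stating why nokogiri is updated in the same commit, or split it into a separate commit so each lockfile change carries its own rationale.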