upgrade loofah to quiet bundle-audit

loofah < 2.2.3 has a cross-site scriting vulnerability reported.[1] [1] flavorjones/loofah#154 Supermarket is not vulnerable to this. The library is being updated out of an abundance of caution and to appease the vulnerability scanner. Signed-off-by: Robb Kidd <rkidd@chef.io>
chef · Oct 31, 2018 · 03100ab · 03100ab
1 parent da2768b
commit 03100ab
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/supermarket/Gemfile.lock b/src/supermarket/Gemfile.lock
@@ -278,7 +278,7 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lumberjack (1.0.12)

diff --git a/src/supermarket/engines/fieri/Gemfile.lock b/src/supermarket/engines/fieri/Gemfile.lock
@@ -101,7 +101,7 @@ GEM
     i18n (1.1.1)
       concurrent-ruby (~> 1.0)
     libyajl2 (1.2.0)
-    loofah (2.2.2)
+    loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)